Executive Summary

CVE-2026-6143 is a security vulnerability in the cc-switch application, specifically in its local proxy HTTP server component. The issue arises from an overly permissive Cross-Origin Resource Sharing (CORS) policy configured in the proxy server, which allows any website to send cross-origin requests to it.

Because of this permissive CORS configuration, a malicious webpage can remotely exploit the proxy to send unauthorized requests that automatically include the victim's API keys for various AI providers (such as Claude, OpenAI, Gemini). This enables attackers to misuse these API keys without needing to know them directly.

The attack requires only that a user visits a malicious webpage, which then detects the proxy's presence and sends crafted requests to it. The proxy injects the victim's API key into these requests, potentially allowing the attacker to exfiltrate sensitive AI responses or abuse the API.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have several negative impacts:

• Unauthorized use and abuse of your API keys, leading to unexpected financial costs.
• Potential exfiltration of sensitive data returned by AI providers, compromising confidentiality.
• Exhaustion of your API rate limits, which could disrupt legitimate use of AI services.
• Exposure of proxy configuration and connection statistics through unauthenticated endpoints, aiding attacker reconnaissance.

Useful 0 Not Useful 0

Detection Guidance

The vulnerability can be detected by checking if the local proxy server at 127.0.0.1:15721 is running with a permissive CORS policy that allows any origin. One way to detect the proxy's presence is by sending an unauthenticated GET request to the /health endpoint, which returns a JSON status response if the proxy is active.

For example, you can use the following command to check the proxy's health endpoint:

• curl http://127.0.0.1:15721/health

If the proxy responds with a JSON status, it indicates the proxy is running and potentially vulnerable due to its permissive CORS configuration.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include removing or restricting the permissive CORS policy in the local proxy server configuration.

• Replace the current CORS policy that allows any origin with a restrictive policy that only allows localhost origins such as http://localhost and http://127.0.0.1.
• Alternatively, remove the CORS layer entirely since the proxy is intended only for local CLI tools, which do not require CORS.
• Implement local secret bearer token authentication for all proxy requests to prevent unauthorized access.

These changes prevent browser-based cross-origin requests to the proxy, blocking malicious web pages from abusing the proxy to exfiltrate API keys or misuse the service.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in CVE-2026-6143 involves a permissive Cross-Origin Resource Sharing (CORS) policy in the local proxy server that allows malicious web pages to perform unauthorized cross-origin requests. This can lead to exfiltration of sensitive API keys and potentially sensitive AI response data.

Such unauthorized access and data exfiltration risks could impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.

Specifically, the vulnerability could lead to exposure of sensitive data processed by AI providers, unauthorized use of API keys resulting in financial and data misuse, and lack of proper access controls, all of which are concerns under these regulations.

Therefore, organizations using affected versions of cc-switch may face compliance challenges if this vulnerability is exploited, as it undermines the confidentiality and integrity of sensitive data and credentials.

Useful 0 Not Useful 0