browser-use is vulnerable to Incorrect Authorization
92
Critical Risk
Affected versions of the package are vulnerable to improper input validation, allowing the domain whitelist in the browser_use module to be bypassed. Although the allowed_domains list is meant to restrict which URLs may be visited, an attacker can craft a URL with embedded basic-authentication credentials, such as https://example.com:pass@localhost:8080, so that the check accepts navigation to an unauthorized domain. The bypass arises from flawed parsing logic in the _is_url_allowed() method, which strips port and user information without verifying the true target host. As a result, attackers may gain unauthorized access to internal services or perform enumeration against localhost and private networks.
You are affected if you are using a version that falls within the vulnerable range.
browser-use is vulnerable to Incorrect Authorization in versions 0.1.0 - 0.1.44.
Upgrade the browser-use library to a patched version.
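The following Python snippet is an added illustration written for this advisory; it is not browser-use's own code, and naive_host() is a hypothetical reconstruction of the bug class described above (hostname taken before the userinfo and port are properly separated), not the project's actual _is_url_allowed(). It contrasts that flawed extraction with a check built on urllib.parse, whose hostname attribute discards the userinfo and port and therefore sees the real target (localhost) in the advisory's example URL. The allowlist is a constructed sample.

```python
from urllib.parse import urlparse

# Constructed allowlist for the demonstration (not browser-use's configuration).
ALLOWED_DOMAINS = ["example.com"]


def _matches(host: str, allowed_domains) -> bool:
    """Exact match or subdomain match against the allowlist (case-insensitive)."""
    host = host.lower()
    return any(host == d.lower() or host.endswith("." + d.lower()) for d in allowed_domains)


def naive_host(url: str) -> str:
    """Hypothetical flawed extraction (not the project's code): takes the text
    before the first ':' or '/' after the scheme, so a URL whose userinfo looks
    like an allowed host is read as that host instead of the real target."""
    netloc = url.split("://", 1)[-1].split("/", 1)[0]
    return netloc.split(":", 1)[0]


def is_allowed_naive(url: str, allowed_domains=ALLOWED_DOMAINS) -> bool:
    """Allowlist check built on the flawed extraction; accepts the advisory's example."""
    return _matches(naive_host(url), allowed_domains)


def is_allowed_strict(url: str, allowed_domains=ALLOWED_DOMAINS) -> bool:
    """Hardened check: parse with urllib, require http(s), reject embedded
    credentials outright, and compare only the parser's real hostname."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False
    # Browser navigation has no legitimate need for credentials in the URL;
    # refusing them removes the ambiguity this advisory exploits.
    if parsed.username is not None or parsed.password is not None:
        return False
    host = parsed.hostname  # userinfo and port already stripped by the parser
    if not host:
        return False
    return _matches(host, allowed_domains)


if __name__ == "__main__":
    for u in ("https://example.com/", "https://example.com:pass@localhost:8080"):
        print(u, "naive:", is_allowed_naive(u), "strict:", is_allowed_strict(u))
```

With the advisory's example URL, naive_host() returns "example.com" and the naive check passes, while is_allowed_strict() sees hostname "localhost" (and embedded credentials) and refuses it. A logging hook at the point where is_allowed_strict() returns False is a cheap way to detect attempts of this kind in an agent's navigation history.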