CVE-2026-42184

Tauri · Tauri Framework

A flaw in Tauri's URL validation incorrectly classifies remote URLs as trusted local origins.

Executive summary

The Tauri framework is affected by a high-severity vulnerability that could allow unauthorized access to local IPC commands.

Vulnerability

A flaw in the is_local_url() function incorrectly classifies remote URLs as trusted local origins on Windows and Android, allowing an attacker to invoke local-only IPC commands.

Business impact

With a CVSS score of 8.8, this vulnerability allows a remote attacker to bypass security boundaries and execute local-only commands. This could lead to sensitive data exposure or unauthorized actions being performed on the user's desktop or mobile device.

Remediation

Immediate Action: Update the Tauri framework to version 2.10.3 or 2.11.1 to resolve the URL validation issue.

Proactive Monitoring: Monitor application behavior for unexpected calls to local IPC interfaces originating from remote network locations.

Compensating Controls: Implement strict Content Security Policies (CSP) to restrict the origins that the application can communicate with.
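One way to check the Immediate Action step in CI is to audit the `tauri` version pinned in a project's Cargo.lock. This is an added example, not code from the advisory or from the Tauri project. The lockfile excerpt is constructed sample data, and because the advisory lists no affected ranges, the comparison rule in `is_patched` is an assumption.

```python
import re

# Fixed releases named in the advisory.
FIXED = [(2, 10, 3), (2, 11, 1)]

# Constructed Cargo.lock excerpt (sample data, not from a real project).
SAMPLE_LOCK = '''
version = 4

[[package]]
name = "tauri"
version = "2.10.2"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "tauri-utils"
version = "2.8.0"
'''

def is_patched(version):
    """Assumption (the advisory lists no affected ranges): each fixed release
    patches its own minor line, and later minor lines carry the fix."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(-)?", version)
    if not m or m.group(4):  # unparsable or pre-release: treat as unpatched
        return False
    v = tuple(int(p) for p in m.groups()[:3])
    for fixed in FIXED:
        if v[:2] == fixed[:2]:
            return v >= fixed
    return v > max(FIXED)

def locked_tauri_versions(lock_text):
    """Return every version of the `tauri` crate pinned in a Cargo.lock."""
    found = []
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        ver = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and ver and name.group(1) == "tauri":
            found.append(ver.group(1))
    return found

def audit(lock_text):
    """Map each locked tauri version to True (patched) or False (update)."""
    return {v: is_patched(v) for v in locked_tauri_versions(lock_text)}

if __name__ == "__main__":
    for version, ok in audit(SAMPLE_LOCK).items():
        print(f"tauri {version}: {'patched' if ok else 'UPDATE REQUIRED'}")
```

A lockfile can pin more than one `tauri` version across a workspace, so the audit reports each one separately.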

Exploitation status

Public Exploit Available: false

Analyst recommendation

Developers utilizing the Tauri framework must upgrade to the specified patched versions immediately. This vulnerability poses a significant risk to application integrity and should be addressed without delay.