Product
CVE-2026-6662 is a vulnerability in ericc-ch copilot-api up to 0.7.0, specifically in the cors function of src/server.ts, leading to a permissive cross-domain policy that can be remotely exploited for cross-domain attacks.