VulnSea
CVE-2026-47735 — Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks · VulnSea