nvd.nist.gov/vuln/detail/CVE-2026-20841 this page would contain the best details on the CVE, there is a link to a forum discussing it
I don’t know for sure but I suspect it is like many of the other types of exploits where someone makes a normal looking URL but inside of it hides conditions that makes whatever is inspecting the URL to know that it should open in the web browser do something before it open the web browser. but before it does it it tells it to download some code and run it and that code then hijacks your “system” because the system service is running the code
Kazumara@discuss.tchncs.de 6 days ago
It uses a more generic shell linking method, that doesn’t just load web URLs but also file paths, including to executables.
news.ycombinator.com/item?id=46971516