← back
CVE-2026-40451

CVE-2026-40451

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
DeepL · Chrome browser extension

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/DeepLcom/deepl-chrome-extension/security/advisories/GHSA-4x2r-q3p9-xhx4https://jvn.jp/en/jp/JVN37524771/