CVE-2026-42615 PUBLISHED

Assigner: mitre
Reserved: 29.04.2026 Published: 29.04.2026 Updated: 29.04.2026

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CVSS Score: 7.2

Product Status

Vendor GCHQ
Product CyberChef
Versions Default: unaffected
  • affected from 0 to 11.0.0 (excl.)

References

Problem Types

  • CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') CWE