Gchq · Cyberchef · CVE-2026-42615
**Name of the Vulnerable Software and Affected Versions**
GCHQ CyberChef versions prior to 11.0.0
**Description**
Cross-Site Scripting (XSS) is possible via the Show Base64 offsets feature. This occurs through the endpoint '/#recipe=Show Base64 offsets', where an attacker can inject malicious scripts.
**Recommendations**
Update to version 11.0.0 or later.