PT-2026-35866 · Gchq · Cyberchef

Gchqdeveloper581

Published

2026-04-29

Updated

2026-04-30

CVE-2026-42615

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions GCHQ CyberChef versions prior to 11.0.0

Description Cross-Site Scripting (XSS) is possible via the Show Base64 offsets feature. This occurs through the endpoint '/#recipe=Show Base64 offsets', where an attacker can inject malicious scripts.

Recommendations Update to version 11.0.0 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-42615

GHSA-H4HV-92PP-PCJG

Affected Products

Cyberchef

PT-2026-35866 · Gchq · Cyberchef

CVE-2026-42615

Weakness Enumeration

Related Identifiers

Affected Products

References · 11