CVE-2026-42615

Name: CVE-2026-42615
Creator: NVD / NIST
Published: 2026-04-29T04:16:41.75+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.2/10EPSS 0.29%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.

Metrics

CVSS 3.1

7.2/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

EPSS Probability

0.29%

21.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

References

https://github.com/gchq/CyberChef/commit/9641ae07f92e9af50f10e978385465b2f4a36c4d
https://github.com/gchq/CyberChef/compare/v10.24.0...v11.0.0
https://github.com/gchq/CyberChef/issues/2344
https://github.com/gchq/CyberChef/pull/2346

Timeline

Published: Apr 29, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-42615?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST