High severity7.2NVD Advisory· Published Apr 29, 2026· Updated Apr 30, 2026
CVE-2026-42615
CVE-2026-42615
Description
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cyberchefnpm | < 11.0.0 | 11.0.0 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-h4hv-92pp-pcjgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-42615ghsaADVISORY
- github.com/gchq/CyberChef/commit/9641ae07f92e9af50f10e978385465b2f4a36c4dnvdWEB
- github.com/gchq/CyberChef/compare/v10.24.0...v11.0.0nvdWEB
- github.com/gchq/CyberChef/issues/2344nvdWEB
- github.com/gchq/CyberChef/pull/2346nvdWEB
News mentions
0No linked articles in our index yet.