CVE-2026-40451
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
The DeepL Chrome browser extension versions from v1.22.0 to v1.23.0 contain a cross-site scripting vulnerability, allowing an attacker to execute arbitrary scripts in a user's browser and inject malicious HTML into web pages viewed by the user.
Risk Assessment
This vulnerability could lead to user data theft and session hijacking, posing a significant security risk to the organization.
Recommendation
It is recommended to update the DeepL extension to the latest version to mitigate this vulnerability and to monitor user activity for potential attacks.
Original NVD description (English source)
DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user.

