CVE Catalog

CVE-2026-40451

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile - higher than 6% of all known CVEs

Summary

The DeepL Chrome browser extension versions from v1.22.0 to v1.23.0 contain a cross-site scripting vulnerability, allowing an attacker to execute arbitrary scripts in a user's browser and inject malicious HTML into web pages viewed by the user.

Risk Assessment

This vulnerability could lead to user data theft and session hijacking, posing a significant security risk to the organization.

Recommendation

It is recommended to update the DeepL extension to the latest version to mitigate this vulnerability and to monitor user activity for potential attacks.

Original NVD description (English source)

DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS