HIGH🇵🇱 Wersja polska

CVE-2026-8881

CVSS 7.5pub. 2026-06-03upd. 2026-06-05

Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Securly

    APP
    Securly
    3.0.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-8874HIGH7.1ten sam produkt

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filter...

CVE-2026-8876HIGH7.3ten sam produkt

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js....

CVE-2026-8878HIGH7.5ten sam produkt

Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauth...

CVE-2026-8879HIGH7.5ten sam produkt

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via c...

CVE-2026-8888HIGH7.5ten sam produkt

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided pat...