216.73.217.80

CVE-2026-8874

· Published 03/06/2026 19:16 · Modified 04/06/2026 16:16

Labels: CVE-2026-8874 2026-06-03CVE-2026-8874CWE-319[email protected]

Essential information

Published
03/06/2026 19:16
Modified
04/06/2026 16:16
Author
Creator
CVSS
7.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CVSS metrics

Description

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
securly / securly chrome extension cpe:2.3:a:securly:securly_chrome_extension:3.0.7:*:*:*:*:*:*:*

References