Back to CVE List

CVE-2026-8874

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.1 / 10
Vector String
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Vulnerability Description

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-319
Source
NVD
Vendor
securly
Product
securly

External References

Discussion (0)

Add Comment

No comments yet. Be the first!