← back
CVE-2026-8876

CVE-2026-8876

CVSS 7.3 HIGHEPSS 0.2%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
03 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
Securly · Securly Chrome Extension

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kb.cert.org/vuls/id/595768