What is CVE-2026-7686?

CVE-2026-7686 is a medium-severity vulnerability in Eyeo Adblock Plus, classified under Incorrect Privilege Assignment. CVSS score: 5.3/10. Published 2026-05-03.

How severe is CVE-2026-7686?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Privilege escalation in Eyeo Adblock Plus

CVE-2026-7686

A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results…

EPSS: 0.000 (13.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Eyeo Adblock Plus — versions 4.36.0, 4.36.1, 4.36.2

Weakness classification (CWE)

References

VDB-360856 | eyeo Adblock Plus Legacy Premium Activation premium.preload.js postMessage access control (technical-description, vdb-entry)
VDB-360856 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #793551 | Eyeo GmbH Adblock Plus 4.36.2 Privilege Escalation (third-party-advisory)
cna@vuldb.com (exploit)
cna@vuldb.com (patch)

Frequently asked questions

What is CVE-2026-7686?: CVE-2026-7686 is a medium-severity vulnerability in Eyeo Adblock Plus, classified under Incorrect Privilege Assignment. CVSS score: 5.3/10. Published 2026-05-03.
How severe is CVE-2026-7686?: Medium severity. CVSS v3 base score is 5.3 out of 10.