What is CVE-2026-8874?

CVE-2026-8874 is a high-severity vulnerability in Securly, classified under Cleartext Transmission of Sensitive Information. CVSS score: 7.1/10. Published 2026-06-03.

How severe is CVE-2026-8874?

High severity. CVSS v3 base score is 7.1 out of 10.

Vulnerability in Securly

CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over H…

EPSS: 0.000 (2.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N.

Affected products

Securly — versions 3.0.7
Securly Chrome Extension — versions 0

Weakness classification (CWE)

CWE-319 — Cleartext Transmission of Sensitive Information

References

cret@cert.org (Third Party Advisory)

Frequently asked questions

What is CVE-2026-8874?: CVE-2026-8874 is a high-severity vulnerability in Securly, classified under Cleartext Transmission of Sensitive Information. CVSS score: 7.1/10. Published 2026-06-03.
How severe is CVE-2026-8874?: High severity. CVSS v3 base score is 7.1 out of 10.