CVE-2026-8878
Received Received - Intake
Securly Chrome Extension Sensitive Data Exposure via Weakly Obfuscated Hashes

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: CERT/CC

Description
Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover the original hash values and access the protected data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-03
Generated
2026-06-04
AI Q&A
2026-06-03
EPSS Evaluated
N/A
NVD
CVE-2026-8878
EUVD
EUVD-2026-34163
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
securly chrome_extension 3.0.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

Version 3.0.7 of the Securly Chrome Extension has multiple publicly accessible endpoints that allow anyone to access sensitive data without authentication.

The sensitive data exposed are SHA-1 hashes that are only lightly obfuscated using a simple Caesar cipher, which can be easily reversed to reveal the original hash values and thus the protected data.


How can this vulnerability impact me? :

This vulnerability can lead to unauthorized access to sensitive information because the exposed SHA-1 hashes can be easily decoded.

Attackers could recover protected data by reversing the weak obfuscation, potentially leading to data breaches or misuse of sensitive information.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart