CVE-2026-40451

MEDIUM 6.1

CVSS Score

6.1

EPSS Score

0.0%

EPSS Percentile

0th

DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user.

Vendor	deepl
Product	chrome browser extension
Published	Apr 22, 2026

Stay Ahead of the Next One

Get instant alerts for deepl chrome browser extension

Be the first to know when new medium vulnerabilities affecting deepl chrome browser extension are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Versions

DeepL / Chrome browser extension

from v1.22.0 to v.1.23.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/DeepLcom/deepl-chrome-extension/security/advisories/GHSA-4x2r-q3p9-xhx4 jvn.jp: https://jvn.jp/en/jp/JVN37524771/