CVE-2026-8874

HIGH 7.1

CVE-2026-8874

CVSS Score

7.1

EPSS Score

0.0%

EPSS Percentile

2th

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS.

Vendor	securly
Product	securly chrome extension
Published	Jun 3, 2026
Last Updated	Jun 4, 2026

Stay Ahead of the Next One

Get instant alerts for securly securly chrome extension

Be the first to know when new high vulnerabilities affecting securly securly chrome extension are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Securly / Securly Chrome Extension

0 < 3.0.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

kb.cert.org: https://kb.cert.org/vuls/id/595768