Stored XSS Vulnerability in Hoppscotch API Development Ecosystem
CVE-2026-34848

5.4MEDIUM

Key Information:

Vendor: Hoppscotch
Status: Hoppscotch
Vendor: CVE Published:; 2 April 2026

What is CVE-2026-34848?

Hoppscotch, an open source API development ecosystem, was found to have a stored cross-site scripting (XSS) vulnerability in the team member overflow tooltip via display name prior to version 2026.3.0. This vulnerability could allow an attacker to execute arbitrary JavaScript in the context of the user's browser, potentially leading to unauthorized actions or access to sensitive information. The issue has since been addressed in version 2026.3.0, encouraging users to update their installations to mitigate the risks associated with this vulnerability.

Affected Version(s)

hoppscotch < 2026.3.0

References

https://github.com/hoppscotch/hoppscotch/security/advisor...

x_refsource_CONFIRM

https://github.com/hoppscotch/hoppscotch/releases/tag/202...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Mar 30, 2026

CVE-2026-34848 Data

JSON