Stored XSS Vulnerability in hoppscotch API Development Ecosystem
CVE-2026-34932

8.5HIGH

Key Information:

Vendor: Hoppscotch
Status: Hoppscotch
Vendor: CVE Published:; 2 April 2026

What is CVE-2026-34932?

Earlier versions of the hoppscotch API development ecosystem are susceptible to a stored cross-site scripting (XSS) vulnerability, which can facilitate cross-site request forgery (CSRF) attacks. This issue has been resolved in the latest release (version 2026.3.0), ensuring users can operate in a more secure environment. It is crucial for developers and users to upgrade to this version to mitigate potential security risks.

Affected Version(s)

hoppscotch < 2026.3.0

References

https://github.com/hoppscotch/hoppscotch/security/advisor...

x_refsource_CONFIRM

https://github.com/hoppscotch/hoppscotch/releases/tag/202...

x_refsource_MISC

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Mar 31, 2026

CVE-2026-34932 Data

JSON

Hoppscotch

What is CVE-2026-34932?

Affected Version(s)

References

CVSS V4

Timeline