Prototype Pollution in CyberChef Web App by GCHQ
CVE-2026-57439
5MEDIUM
What is CVE-2026-57439?
The CyberChef web application, which specializes in encryption, encoding, compression, and data analysis, has a vulnerability that allows for prototype pollution. Prior to version 11.2.0, the Series Chart operation improperly handled user-supplied CSV input by accepting proto as a key. This flaw opens the door for attackers to manipulate the JavaScript prototype, potentially leading to harmful injections into HTML output. This vulnerability can be exploited in conjunction with other operations like Parse UDP to execute malicious scripts. The issue has been addressed and is resolved in version 11.2.0.
Affected Version(s)
CyberChef < 11.2.0
