CVE-2026-8881
CVE-2026-8881

Currently unrated

Key Information:

Vendor: Securly
Status: Securly Chrome Extension
Vendor: CVE Published:; 3 June 2026

What is CVE-2026-8881?

Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching.

Affected Version(s)

Securly Chrome Extension 0 <= 3.0.7

References

https://kb.cert.org/vuls/id/595768

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-8881 Data

JSON