CVE-2026-8888
CVE-2026-8888

Currently unrated

Key Information:

Vendor: Securly
Status: Securly Chrome Extension
Vendor: CVE Published:; 3 June 2026

What is CVE-2026-8888?

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in denial of service on all browsing.

Affected Version(s)

Securly Chrome Extension 0 <= 3.0.7

References

https://kb.cert.org/vuls/id/595768

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-8888 Data

JSON