PatchSiren cyber security CVE debrief
CVE-2026-40451 DeepL CVE debrief
A medium-severity cross-site scripting vulnerability was discovered in the DeepL Chrome browser extension, affecting versions from v1.22.0 to v1.23.0. This vulnerability, tracked as CVE-2026-40451, allows an attacker to execute arbitrary script in a user's browser and inject malicious HTML into web pages viewed by the user.
- Vendor: DeepL
- Product: Chrome browser extension
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-22
- Original CVE updated: 2026-06-16
- Advisory published: 2026-04-22
- Advisory updated: 2026-06-16
Who should care
Users of the DeepL Chrome browser extension, particularly those using versions between v1.22.0 and v1.23.0, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 5.1 and is classified as medium-severity. It was published on 2026-04-22T05:16:23.253Z and last modified on 2026-06-16T16:13:00.237Z. Its weakness class is CWE-79 (cross-site scripting).
Defensive priority
MEDIUM
Recommended defensive actions
- Update the DeepL Chrome browser extension to a version outside the affected range (v1.22.0 to v1.23.0).
- Users should ensure they are running the latest version of the extension to mitigate this vulnerability.
Evidence notes
The CVE record and details can be found at cve.org. For more information, refer to the NVD entry. Additional references are listed as ref-4 and ref-5.