MEDIUM
gchq
CVE published 2026-07-08
CVE-2026-57439
CVE-2026-57439 is a medium-severity vulnerability in CyberChef, a web app for encryption, encoding, compression, and data analysis. The Series Chart operation's acceptance of __proto__ as a key while parsing user-supplied CSV allows for prototype pollution. This issue can be chained with operations such as Parse UDP to inject malicious JavaScript into HTML output. The vulnerability is fixed in version 11. [truncated]