CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets(‘%3Cscript substring.

More information : https://github.com/gchq/CyberChef/commit/9641ae07f92e9af50f10e978385465b2f4a36c4d