Vulnerability Description
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has been patched in version 2026.3.0.
CVSS Score
9.3
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hoppscotch | Hoppscotch | < 2026.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/hoppscotch/hoppscotch/releases/tag/2026.3.0Release Notes
- https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-wj4r-hr4h-g98vVendor Advisory
FAQ
What is CVE-2026-34932?
CVE-2026-34932 is a vulnerability with a CVSS score of 9.3 (CRITICAL). hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has been patched in version 2026.3.0.
How severe is CVE-2026-34932?
CVE-2026-34932 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-34932?
Check the references section above for vendor advisories and patch information. Affected products include: Hoppscotch Hoppscotch.