CVE-2026-34932
CRITICALhoppscotch: Stored XSS via mock server responses on backend origin
Title source: cnaDescription
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has been patched in version 2026.3.0.
References (2)
Core 2
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-wj4r-hr4h-g98v
X_Refsource_Misc x_refsource_misc
https://github.com/hoppscotch/hoppscotch/releases/tag/2026.3.0
Scores
CVSS v3
9.3
EPSS
0.0029
EPSS Percentile
20.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (1)
hoppscotch/hoppscotch
< 2026.3.0 (2 CPE variants)
Published
Apr 02, 2026
Tracked Since
Apr 03, 2026