What is the CVSS score of EUVD-2026-18536?

EUVD-2026-18536 has a CVSS 3.1 base score of 5.4 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for EUVD-2026-18536?

Yes, a patch is available for EUVD-2026-18536. Update the affected software to the latest version immediately.

Hoppscotch EUVD-2026-18536

| CVE-2026-34848 MEDIUM

Cross-site Scripting (XSS) (CWE-79)

2026-04-02 GitHub_M

XSS Hoppscotch

5.4

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

5.4 MEDIUM

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

2026.3.0

EUVD ID Assigned

Apr 02, 2026 - 20:16 euvd

EUVD-2026-18536

Analysis Generated

Apr 02, 2026 - 20:16 vuln.today

CVE Published

Apr 02, 2026 - 19:20 nvd

MEDIUM 5.4

DescriptionGitHub Advisory

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability in the team member overflow tooltip via display name. This issue has been patched in version 2026.3.0.

AnalysisAI

Stored cross-site scripting (XSS) in Hoppscotch prior to version 2026.3.0 allows authenticated users to inject malicious scripts via the team member display name field, which executes when other users view the overflow tooltip. The vulnerability requires user interaction (viewing the tooltip) and affects the confidentiality and integrity of affected sessions with a CVSS score of 5.4. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS score of 5.4 with vector AV:N/AC:L/PR:L/UI:R/S:C reflects moderate risk with network-accessible attack surface, low attack complexity, and requirement for legitimate authentication (PR:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An authenticated attacker within a Hoppscotch team modifies their display name to include a malicious JavaScript payload (e.g., <img src=x onerror='alert(document.cookie)'>). When another team member hovers over or clicks the team member list to view the overflow tooltip, the payload executes in their browser context with access to the same origin, potentially stealing session cookies, API keys, or other sensitive data stored in localStorage. …
Remediation	Vendor-released patch: upgrade to Hoppscotch version 2026.3.0 or later. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-18536 vulnerability details – vuln.today

Back