CVE-2026-8005

MEDIUMNVD 4.34.3—

4.3

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. (Chromium security severity: Low)

CVSS v3: 4.3
EG Score: 4.3(high)
EPSS: 3.5%
KEV: Not listed

Published

May 6, 2026

Last Modified

May 7, 2026

References (2)

chrome-cve-admin@googlehttps://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html
chrome-cve-admin@googlehttps://issues.chromium.org/issues/496298665

Vendor Advisories for CVE-2026-8005(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

CVE-2026-8005
Microsoft Security Response Center (MSRC)
Chromium: CVE-2026-8005 Insufficient validation of untrusted input in Cast

Frequently asked(5)

What is CVE-2026-8005?

CVE-2026-8005 is a medium vulnerability published on May 6, 2026. Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. (Chromium security severity: Low)

When was CVE-2026-8005 disclosed?

CVE-2026-8005 was first published in the National Vulnerability Database on May 6, 2026, with the most recent update on May 7, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2026-8005 actively exploited?

CVE-2026-8005 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 3.5% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2026-8005?

CVE-2026-8005 has a CVSS v3 base score of 4.3 (NVD).

How do I remediate CVE-2026-8005?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-8005, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-8005

Explore →

Is Your Infrastructure Affected by CVE-2026-8005?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2026-8005

📅 Published

🔄 Last Modified

🔗 References (2)

📣 Vendor Advisories for CVE-2026-8005(1)

❓ Frequently asked(5)