Is CVE-2026-11645 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-11645 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-11645

Out-of-bounds memory access in Chrome's V8 engine is being exploited in the wild. CVSS 8.8. When the browser is the runtime, browser vulnerabilities are application vulnerabilities.

2026

What WebPulse reported · 4 analyses

Chrome Zero-Day CVE-2026-11645 Actively Exploited: The Browser Is the New Server

Out-of-bounds memory access in Chrome's V8 engine is being exploited in the wild. CVSS 8.8. When the browser is the runtime, browser vulnerabilities are applica

June 18, 2026

Fifth Chrome Zero-Day of 2026. CVE-2026-11645 Hits V8 — the Engine Running Every Web Application and Every AI Agent's Browser. Actively Exploited in the Wild.

CVSS 8.8. Out-of-bounds read/write in V8's JavaScript and WebAssembly engine. Arbitrary code execution via a crafted HTML page. All Chromium-based browsers affe

June 16, 2026

CISA Lost One-Third of Its Staff. The Agency That Tracks Exploited Vulnerabilities Is Being Hollowed Out.

The Stakeholder Engagement Division lost 96 of 189 staff since January 2025. CISA partnerships face 'standstill.' The government's central cybersecurity coordin

June 18, 2026

Chrome V8 Has an Actively Exploited RCE. Your Framework Decides How Much V8 Your Users Run.

CVE-2026-11645 is an out-of-bounds read/write in Chrome's JavaScript engine. Astro ships 9KB of JS. Next.js ships 463KB. The attack surface isn't equal.

June 11, 2026

View CVE-2026-11645 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273 CVE-2026-8181 CVE-2026-47291 CVE-2026-45657 CVE-2026-3844