Is there a public PoC exploit available for CVE-2026-41469?

Yes, a public proof-of-concept exploit is available for CVE-2026-41469. Prioritise patching immediately. EPSS: 0.0%.

Beghelli SicuroWeb CVE-2026-41469

Q: What is the CVSS score of CVE-2026-41469?

CVE-2026-41469 has a CVSS 4.0 base score of 5.1 (Medium). CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25077 MEDIUM

Protection Mechanism Failure (CWE-693)

2026-04-22 VulnCheck

Code Injection Sicuroweb Sicuro24

5.1

CVSS 4.0

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

Apr 23, 2026 - 07:07 vuln.today

PoC Detected

Apr 22, 2026 - 21:18 vuln.today

Public exploit code

CVSS changed

Apr 22, 2026 - 19:22 NVD

5.1 (MEDIUM)

EUVD ID Assigned

Apr 22, 2026 - 18:31 euvd

EUVD-2026-25077

Analysis Generated

Apr 22, 2026 - 18:31 vuln.today

CVE Published

Apr 22, 2026 - 18:04 nvd

MEDIUM 5.1

DescriptionNVD

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP removes the browser-enforced restriction that would otherwise block external script execution, enabling attackers to load arbitrary remote payloads into operator browser sessions.

AnalysisAI

Beghelli SicuroWeb (Sicuro24) lacks Content Security Policy enforcement, permitting unrestricted loading of external JavaScript from attacker-controlled origins. When combined with template injection and sandbox escape flaws in the same application, this missing security header removes browser-enforced protections that would otherwise prevent external script execution, enabling attackers to inject arbitrary remote payloads into operator sessions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41469 vulnerability details – vuln.today

Back

Beghelli SicuroWeb CVE-2026-41469

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

Beghelli SicuroWeb CVE-2026-41469

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code