Is there a patch available for CVE-2026-41928?

Yes, a patch is available for CVE-2026-41928. Update the affected software to the latest version immediately.

Vvveb CVE-2026-41928

Q: What is the CVSS score of CVE-2026-41928?

CVE-2026-41928 has a CVSS 4.0 base score of 6.9 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-28458 MEDIUM

Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)

2026-05-07 VulnCheck

GHSA-8rhw-hq84-rcq7

Information Disclosure

6.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

May 07, 2026 - 22:22 NVD

5.3 (MEDIUM) 6.9 (MEDIUM)

Source Code Evidence Fetched

May 07, 2026 - 22:04 vuln.today

Analysis Generated

May 07, 2026 - 22:04 vuln.today

CVE Published

May 07, 2026 - 21:13 nvd

MEDIUM 5.3

DescriptionNVD

Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response, enabling them to trigger scheduled task execution outside of the intended schedule.

AnalysisAI

Vvveb before 1.0.8.2 exposes the application's secret cron key through an unauthenticated cron controller endpoint, allowing remote attackers to retrieve this sensitive credential and trigger scheduled tasks outside their intended execution windows. The vulnerability affects all deployments with the vulnerable cron controller accessible over the network, with CVSS 5.3 reflecting confidentiality impact from information disclosure without authentication requirements.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41928 vulnerability details – vuln.today

Back

Vvveb CVE-2026-41928

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

Vvveb CVE-2026-41928

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code