Is there a public PoC exploit available for CVE-2026-5210?

Yes, a public proof-of-concept exploit is available for CVE-2026-5210. Prioritise patching immediately. EPSS: 0.0%.

Leave Application System CVE-2026-5210

Q: What is the CVSS score of CVE-2026-5210?

CVE-2026-5210 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-17589 MEDIUM

External Control of File Name or Path (CWE-73)

2026-03-31 VulDB

Information Disclosure Leave Application System

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 01, 2026 - 14:23 vuln.today

Public exploit code

EUVD ID Assigned

Mar 31, 2026 - 19:01 euvd

EUVD-2026-17589

Analysis Generated

Mar 31, 2026 - 19:01 vuln.today

CVE Published

Mar 31, 2026 - 18:30 nvd

MEDIUM 6.9

DescriptionCVE.org

A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a manipulation of the argument page results in file inclusion. Remote exploitation of the attack is possible. The exploit is now public and may be used.

AnalysisAI

Remote file inclusion in SourceCodester Leave Application System 1.0 allows unauthenticated attackers to manipulate the page parameter and access arbitrary files, resulting in information disclosure. The CVSS 4.0 score of 6.9 reflects low confidentiality impact with network-based attack vector and no user interaction required. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	While the CVSS 6.9 score indicates moderate severity, multiple factors elevate real-world exploitation risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated attacker crafts a malicious URL with a manipulated page parameter (e.g., page=../../../../etc/passwd or page=php://filter/convert.base64-encode/resource=config.php) and sends it to the vulnerable Leave Application System. The application fails to validate the parameter and processes the attacker's path, returning sensitive files such as configuration files containing database credentials, source code files revealing additional vulnerabilities, or system files with user information. …
Remediation	Upgrade SourceCodester Leave Application System to a patched version released by SourceCodester that addresses input validation on the page parameter. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5210 vulnerability details – vuln.today

Back