Is there a public PoC exploit available for CVE-2026-5251?

Yes, a public proof-of-concept exploit is available for CVE-2026-5251. Prioritise patching immediately. EPSS: 0.0%.

Admin CVE-2026-5251

Q: What is the CVSS score of CVE-2026-5251?

CVE-2026-5251 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-17771 LOW

Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915)

2026-04-01 VulDB

GHSA-vwp7-r9vq-p5wq

Information Disclosure Admin

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

5.3 (MEDIUM) 2.1 (LOW)

PoC Detected

Apr 01, 2026 - 14:23 vuln.today

Public exploit code

EUVD ID Assigned

Apr 01, 2026 - 02:45 euvd

EUVD-2026-17771

Analysis Generated

Apr 01, 2026 - 02:45 vuln.today

CVE Published

Apr 01, 2026 - 02:30 nvd

MEDIUM 5.3

DescriptionCVE.org

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Privilege escalation in z-9527 admin 1.0/2.0 allows authenticated users to manipulate the isAdmin parameter in the User Update Endpoint (/server/routes/user.js) to gain administrative privileges through dynamically-determined object attributes. The vulnerability requires network access and valid credentials (PR:L per CVSS vector) but no user interaction. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	This vulnerability presents moderate-to-high practical risk despite a CVSS score of 6.3. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An authenticated user with low-privilege account access (e.g., a regular user account on z-9527 admin) submits a request to the User Update Endpoint (/server/routes/user.js) with the isAdmin parameter set to 1. Due to lack of authorization validation, the backend dynamically assigns this attribute to the user object without checking privileges, resulting in the user being granted admin rights. …
Remediation	No vendor-released patch identified at time of analysis, as the vendor did not respond to early disclosure attempts. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5251 vulnerability details – vuln.today

Back