Is there a public PoC exploit available for CVE-2026-5557?

Yes, a public proof-of-concept exploit is available for CVE-2026-5557. Prioritise patching immediately. EPSS: 0.1%.

CVE-2026-5557

Q: What is the CVSS score of CVE-2026-5557?

CVE-2026-5557 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-19062 LOW

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

2026-04-05 VulDB

GHSA-vm3q-w7cc-43ff

Authentication Bypass

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

5.3 (MEDIUM) 2.1 (LOW)

PoC Detected

Apr 07, 2026 - 13:20 vuln.today

Public exploit code

EUVD ID Assigned

Apr 05, 2026 - 10:00 euvd

EUVD-2026-19062

Analysis Generated

Apr 05, 2026 - 10:00 vuln.today

CVE Published

Apr 05, 2026 - 09:45 nvd

MEDIUM 5.3

DescriptionNVD

A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Authentication bypass in badlogic pi-mono up to version 0.58.4 allows authenticated attackers to escalate privileges or access unauthorized Slack channels via the pi-mom Slack Bot component. The vulnerability stems from improper authentication validation in the Slack channel routing logic and can be exploited remotely by users with existing access to the system. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-5557 vulnerability details – vuln.today

Back