Is there a public PoC exploit available for CVE-2026-5585?

Yes, a public proof-of-concept exploit is available for CVE-2026-5585. Prioritise patching immediately. EPSS: 0.0%.

Ai Infra Guard CVE-2026-5585

Q: What is the CVSS score of CVE-2026-5585?

CVE-2026-5585 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-19115 MEDIUM

Information Exposure (CWE-200)

2026-04-05 VulDB

Information Disclosure Ai Infra Guard

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 07, 2026 - 13:20 vuln.today

Public exploit code

EUVD ID Assigned

Apr 05, 2026 - 18:00 euvd

EUVD-2026-19115

Analysis Generated

Apr 05, 2026 - 18:00 vuln.today

CVE Published

Apr 05, 2026 - 17:30 nvd

MEDIUM 5.5

DescriptionCVE.org

A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/task_manager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Tencent AI-Infra-Guard 4.0 discloses sensitive information through an unknown function in the Task Detail Endpoint (common/websocket/task_manager.go) that can be manipulated by remote, unauthenticated attackers. The vulnerability has a CVSS score of 5.5 with publicly available exploit code, though no patch has been released despite early vendor notification.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	While the CVSS score of 5.5 indicates moderate severity with low confidentiality impact (VC:L), several factors elevate real-world risk: the attack vector is network-based with low complexity (AV:N/AC:L), requires no authentication (PR:N), and no user interaction (UI:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker without authentication or user interaction can send a crafted request to the Task Detail Endpoint via WebSocket to manipulate an unknown function in task_manager.go, triggering information disclosure. A publicly available proof-of-concept exploit is documented on GitHub (https://gist.github.com/YLChen-007/fe4b834144ad535d167507c2008d4011), making it straightforward for an attacker to retrieve sensitive task details or other protected information exposed through the vulnerable endpoint.
Remediation	No vendor-released patch has been identified as of this analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5585 vulnerability details – vuln.today

Back