What is the CVSS score of CVE-2026-6002?

CVE-2026-6002 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of DivvyDrive are affected by CVE-2026-6002?

DivvyDrive versions 4.8.2.9 through 4.8.3.1 contain a reflected XSS vulnerability that allows unauthenticated attackers to steal user sessions and credentials through malicious links, posing…. A patch is available.

How to fix or mitigate CVE-2026-6002?

Within 24 hours: Identify all DivvyDrive deployments running versions 4.8.2.9-4.8.3.1 and document exposure scope. Contact DivvyDrive vendor for patch timeline and interim guidance. Within 7 days: Implement input validation and output encoding controls; deploy WAF rules to filter malicious script payloads in application requests; disable or restrict access to affected versions if operationally feasible. Within 30 days: Upgrade to patched DivvyDrive version when released by vendor; conduct security audit of user sessions and reset credentials for any accounts potentially exposed during vulnerability window.

DivvyDrive CVE-2026-6002

EUVD-2026-28360 HIGH

Basic XSS (CWE-80)

2026-05-07 TR-CERT

GHSA-pmh8-hhp9-qxxf

XSS

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 07, 2026 - 14:01 EUVD

Analysis Generated

May 07, 2026 - 13:30 vuln.today

CVE Published

May 07, 2026 - 12:50 nvd

HIGH 8.8

DescriptionNVD

Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS).

This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.

AnalysisAI

Cross-site scripting (XSS) in DivvyDrive 4.8.2.9 through 4.8.3.1 allows remote unauthenticated attackers to execute arbitrary JavaScript in victim browsers, leading to session hijacking, credential theft, and malicious actions performed under victim's identity. The CVSS score of 8.8 (High) reflects the broad impact scope (confidentiality, integrity, availability all rated High), though user interaction is required. …

RemediationAI

Within 24 hours: Identify all DivvyDrive deployments running versions 4.8.2.9-4.8.3.1 and document exposure scope. Contact DivvyDrive vendor for patch timeline and interim guidance. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6002 vulnerability details – vuln.today

Back

DivvyDrive CVE-2026-6002

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code