Is there a public PoC exploit available for CVE-2026-6143?

Yes, a public proof-of-concept exploit is available for CVE-2026-6143. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-6143?

Yes, a patch is available for CVE-2026-6143. Update the affected software to the latest version immediately.

Cors Misconfiguration CVE-2026-6143

Q: What is the CVSS score of CVE-2026-6143?

CVE-2026-6143 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-21773 LOW

Permissive Cross-domain Security Policy with Untrusted Domains (CWE-942)

2026-04-13 VulDB

GHSA-rrm6-2q2p-cpx5

Information Disclosure Cors Misconfiguration

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

5.3 (MEDIUM) 2.1 (LOW)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

CVSS changed

Apr 13, 2026 - 02:22 NVD

6.3 (MEDIUM) 5.3 (MEDIUM)

Analysis Generated

Apr 13, 2026 - 02:04 vuln.today

EUVD ID Assigned

Apr 13, 2026 - 02:00 euvd

EUVD-2026-21773

Analysis Generated

Apr 13, 2026 - 02:00 vuln.today

Patch released

Apr 13, 2026 - 02:00 nvd

Patch available

CVE Published

Apr 13, 2026 - 01:15 nvd

LOW 2.1

DescriptionNVD

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Permissive cross-domain policy in farion1231 cc-switch up to version 3.12.3 allows authenticated remote attackers to access sensitive information and modify data across untrusted domains via misconfigured CORS headers in the ProxyServer component. Publicly available exploit code exists, and vendor patches are available; this represents a moderate but actively exploitable configuration flaw affecting networked deployments.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6143 vulnerability details – vuln.today

Back