Is there a public PoC exploit available for CVE-2026-6625?

Yes, a public proof-of-concept exploit is available for CVE-2026-6625. Prioritise patching immediately. EPSS: 0.0%.

Java CVE-2026-6625

Q: What is the CVSS score of CVE-2026-6625?

CVE-2026-6625 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-23821 MEDIUM

Server-Side Request Forgery (SSRF) (CWE-918)

2026-04-20 VulDB

Java SSRF

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:12 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

Analysis Generated

Apr 20, 2026 - 10:28 vuln.today

Severity Changed

Apr 20, 2026 - 10:22 NVD

HIGH MEDIUM

CVSS changed

Apr 20, 2026 - 10:22 NVD

7.3 (HIGH) 6.9 (MEDIUM)

EUVD ID Assigned

Apr 20, 2026 - 10:15 euvd

EUVD-2026-23821

Analysis Generated

Apr 20, 2026 - 10:15 vuln.today

CVE Published

Apr 20, 2026 - 09:30 nvd

MEDIUM 5.5

DescriptionNVD

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture Storage Service. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Server-side request forgery (SSRF) in Mogu Blog v2 up to version 5.2 allows unauthenticated remote attackers to initiate arbitrary HTTP requests from the affected server through the picture upload functionality. The vulnerability exists in the LocalFileServiceImpl.uploadPictureByUrl method within the Picture Storage Service component, enabling attackers to access internal services, scan internal networks, or exfiltrate sensitive data. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6625 vulnerability details – vuln.today

Back

Java CVE-2026-6625

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

Java CVE-2026-6625

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code