Is there a public PoC exploit available for CVE-2026-7092?

Yes, a public proof-of-concept exploit is available for CVE-2026-7092. Prioritise patching immediately. EPSS: 0.0%.

code-projects Invoice System CVE-2026-7092

Q: What is the CVSS score of CVE-2026-7092?

CVE-2026-7092 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25780 LOW

Improper Authorization (CWE-285)

2026-04-27 VulDB

Authentication Bypass

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:12 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:12 NVD

5.3 (MEDIUM) 2.1 (LOW)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

CVSS changed

Apr 27, 2026 - 07:22 NVD

6.3 (MEDIUM) 5.3 (MEDIUM)

Analysis Generated

Apr 27, 2026 - 06:45 vuln.today

EUVD ID Assigned

Apr 27, 2026 - 06:30 euvd

EUVD-2026-25780

Analysis Generated

Apr 27, 2026 - 06:30 vuln.today

CVE Published

Apr 27, 2026 - 05:45 nvd

LOW 2.1

DescriptionNVD

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Improper authorization in code-projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass access controls via manipulation of the ID parameter in the Profile Handler (/profile/ endpoint), leading to unauthorized read, modification, and denial of service impacts. Public exploit code is available, elevating real-world exploitation risk despite the moderate CVSS score of 6.3.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7092 vulnerability details – vuln.today

Back