Is there a public PoC exploit available for CVE-2026-7093?

Yes, a public proof-of-concept exploit is available for CVE-2026-7093. Prioritise patching immediately. EPSS: 0.0%.

Invoice System in Laravel CVE-2026-7093

Q: What is the CVSS score of CVE-2026-7093?

CVE-2026-7093 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25782 LOW

Improper Authorization (CWE-285)

2026-04-27 VulDB

Authentication Bypass

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:12 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:12 NVD

5.3 (MEDIUM) 2.1 (LOW)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

CVSS changed

Apr 27, 2026 - 07:22 NVD

6.3 (MEDIUM) 5.3 (MEDIUM)

Analysis Generated

Apr 27, 2026 - 06:45 vuln.today

EUVD ID Assigned

Apr 27, 2026 - 06:30 euvd

EUVD-2026-25782

Analysis Generated

Apr 27, 2026 - 06:30 vuln.today

CVE Published

Apr 27, 2026 - 06:00 nvd

LOW 2.1

DescriptionNVD

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

AnalysisAI

Code-Projects Invoice System in Laravel 1.0 allows authenticated remote attackers to bypass authorization controls via manipulation of the ID parameter in the /invoice/ endpoint, enabling unauthorized access to invoice data with potential for modification and denial of service. The vulnerability has publicly available exploit code and is actively exploitable against default configurations.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7093 vulnerability details – vuln.today

Back