Is there a public PoC exploit available for CVE-2026-7595?

Yes, a public proof-of-concept exploit is available for CVE-2026-7595. Prioritise patching immediately. EPSS: 0.1%.

Is there a patch available for CVE-2026-7595?

Yes, a patch is available for CVE-2026-7595. Update the affected software to the latest version immediately.

ui-ux-pro-max-skill CVE-2026-7595

Q: What is the CVSS score of CVE-2026-7595?

CVE-2026-7595 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-26719 LOW

Code Injection (CWE-94)

2026-05-01 VulDB

RCE Code Injection

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 01, 2026 - 21:22 NVD

MEDIUM LOW

CVSS changed

May 01, 2026 - 21:22 NVD

6.3 (MEDIUM) 2.1 (LOW)

PoC Detected

May 01, 2026 - 21:16 vuln.today

Public exploit code

Source Code Evidence Fetched

May 01, 2026 - 21:15 vuln.today

Analysis Generated

May 01, 2026 - 21:15 vuln.today

EUVD ID Assigned

May 01, 2026 - 21:01 euvd

EUVD-2026-26719

Analysis Generated

May 01, 2026 - 21:01 vuln.today

Patch released

May 01, 2026 - 21:01 nvd

Patch available

CVE Published

May 01, 2026 - 20:45 nvd

LOW 2.1

DescriptionNVD

A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config_gen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

AnalysisAI

Code injection vulnerability in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0 allows authenticated remote attackers to execute arbitrary code via unsanitized plugin names in the Tailwind Config Generator. The _format_plugins function constructs require() statements without validation, enabling attackers with login credentials to inject malicious JavaScript into the Tailwind configuration. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7595 vulnerability details – vuln.today

Back