Is there a public PoC exploit available for CVE-2026-7596?

Yes, a public proof-of-concept exploit is available for CVE-2026-7596. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-7596?

Yes, a patch is available for CVE-2026-7596. Update the affected software to the latest version immediately.

ui-ux-pro-max-skill CVE-2026-7596

Q: What is the CVSS score of CVE-2026-7596?

CVE-2026-7596 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-26720 LOW

Cross-site Scripting (XSS) (CWE-79)

2026-05-01 VulDB

XSS

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

PoC Detected

May 02, 2026 - 02:16 vuln.today

Public exploit code

Source Code Evidence Fetched

May 01, 2026 - 21:30 vuln.today

Analysis Generated

May 01, 2026 - 21:30 vuln.today

Severity Changed

May 01, 2026 - 21:22 NVD

MEDIUM LOW

CVSS changed

May 01, 2026 - 21:22 NVD

4.3 (MEDIUM) 2.1 (LOW)

EUVD ID Assigned

May 01, 2026 - 21:16 euvd

EUVD-2026-26720

Analysis Generated

May 01, 2026 - 21:16 vuln.today

Patch released

May 01, 2026 - 21:16 nvd

Patch available

CVE Published

May 01, 2026 - 21:00 nvd

LOW 2.1

DescriptionNVD

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

AnalysisAI

Cross-site scripting (XSS) vulnerability in nextlevelbuilder ui-ux-pro-max-skill up to version 2.5.0 allows remote attackers to inject malicious scripts via unescaped user input in the Slide Generator component's data.get() function. The vulnerability affects slide generation where user-supplied content (titles, subtitles, company names, feature descriptions) is embedded directly into HTML output without sanitization. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7596 vulnerability details – vuln.today

Back