Is there a public PoC exploit available for CVE-2026-7642?

Yes, a public proof-of-concept exploit is available for CVE-2026-7642. Prioritise patching immediately. EPSS: 0.7%.

pskill9 website-downloader CVE-2026-7642

Q: What is the CVSS score of CVE-2026-7642?

CVE-2026-7642 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.7%.

EUVD-2026-26796 LOW

OS Command Injection (CWE-78)

2026-05-02 VulDB

Command Injection

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 02, 2026 - 15:30 vuln.today

Severity Changed

May 02, 2026 - 15:22 NVD

MEDIUM LOW

CVSS changed

May 02, 2026 - 15:22 NVD

6.3 (MEDIUM) 2.1 (LOW)

PoC Detected

May 02, 2026 - 15:16 vuln.today

Public exploit code

EUVD ID Assigned

May 02, 2026 - 15:00 euvd

EUVD-2026-26796

Analysis Generated

May 02, 2026 - 15:00 vuln.today

CVE Published

May 02, 2026 - 14:30 nvd

LOW 2.1

DescriptionNVD

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function download_website of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

OS command injection in pskill9 website-downloader through 0.1.0 allows authenticated remote attackers to execute arbitrary system commands by manipulating the outputPath argument in the download_website function of the MCP Interface. Publicly available exploit code exists, though the low CVSS score (2.1) reflects required authentication and limited scope of impact; the vulnerability remains relevant for deployments where the MCP Interface is exposed to untrusted authenticated users.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7642 vulnerability details – vuln.today

Back