Is there a public PoC exploit available for CVE-2026-7733?

Yes, a public proof-of-concept exploit is available for CVE-2026-7733. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-7733?

Yes, a patch is available for CVE-2026-7733. Update the affected software to the latest version immediately.

funadmin CVE-2026-7733

Q: What is the CVSS score of CVE-2026-7733?

CVE-2026-7733 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-26913 MEDIUM

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-05-04 VulDB

PHP File Upload

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 04, 2026 - 06:30 vuln.today

Severity Changed

May 04, 2026 - 06:22 NVD

HIGH MEDIUM

CVSS changed

May 04, 2026 - 06:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

PoC Detected

May 04, 2026 - 06:16 vuln.today

Public exploit code

EUVD ID Assigned

May 04, 2026 - 06:00 euvd

EUVD-2026-26913

Analysis Generated

May 04, 2026 - 06:00 vuln.today

Patch released

May 04, 2026 - 06:00 nvd

Patch available

CVE Published

May 04, 2026 - 04:45 nvd

MEDIUM 5.5

DescriptionNVD

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 59. To fix this issue, it is recommended to deploy a patch.

AnalysisAI

Unrestricted file upload in funadmin up to version 7.1.0-rc6 allows remote attackers to upload arbitrary files via the Frontend Chunked Upload Endpoint (UploadService::chunkUpload function). The vulnerability stems from insufficient validation of the File parameter and can be exploited without authentication; publicly available exploit code exists and a patch (PR #59) has been released by the vendor.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7733 vulnerability details – vuln.today

Back

funadmin CVE-2026-7733

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

funadmin CVE-2026-7733

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code