Is there a public PoC exploit available for CVE-2026-8318?

Yes, a public proof-of-concept exploit is available for CVE-2026-8318. Prioritise patching immediately. EPSS: 0.0%.

VectifyAI PageIndex CVE-2026-8318

Q: What is the CVSS score of CVE-2026-8318?

CVE-2026-8318 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-29201 MEDIUM

Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)

2026-05-11 VulDB

GHSA-fp52-pxf6-37vh

Denial Of Service

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

May 11, 2026 - 19:22 NVD

5.3 (MEDIUM) 5.5 (MEDIUM)

Analysis Generated

May 11, 2026 - 19:00 vuln.today

CVE Published

May 11, 2026 - 18:00 nvd

MEDIUM 5.3

DescriptionNVD

A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc_transformer of the file pageindex/page_index.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

AnalysisAI

VectifyAI PageIndex up to commit f50e52975313c6716c02b20a119577a1929decba allows remote unauthenticated denial-of-service attacks through an infinite loop vulnerability in the PDF Table of Contents handler. The toc_transformer function in pageindex/page_index.py can be triggered remotely without authentication, causing the application to hang and become unresponsive. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8318 vulnerability details – vuln.today

Back

VectifyAI PageIndex CVE-2026-8318

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

VectifyAI PageIndex CVE-2026-8318

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code