Is there a public PoC exploit available for EUVD-2026-25717?

Yes, a public proof-of-concept exploit is available for EUVD-2026-25717. Prioritise patching immediately. EPSS: 0.0%.

MiroFish EUVD-2026-25717

Q: What is the CVSS score of EUVD-2026-25717?

EUVD-2026-25717 has a CVSS 4.0 base score of 2.9 (Low). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-7041 LOW

Information Exposure (CWE-200)

2026-04-26 VulDB

Information Disclosure

2.9

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:12 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:12 NVD

6.3 (MEDIUM) 2.9 (LOW)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

Severity Changed

Apr 26, 2026 - 13:22 NVD

LOW MEDIUM

CVSS changed

Apr 26, 2026 - 13:22 NVD

3.7 (LOW) 6.3 (MEDIUM)

Analysis Generated

Apr 26, 2026 - 13:15 vuln.today

EUVD ID Assigned

Apr 26, 2026 - 13:00 euvd

EUVD-2026-25717

Analysis Generated

Apr 26, 2026 - 13:00 vuln.today

CVE Published

Apr 26, 2026 - 12:45 nvd

LOW 2.9

DescriptionNVD

A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Information disclosure in MiroFish up to version 0.1.2 allows remote attackers to leak sensitive data through manipulation of the SECRET argument in the Werkzeug Debugger PIN Handler at the /console endpoint. The vulnerability requires high attack complexity and has a low CVSS score (3.7) indicating limited confidentiality impact, but publicly available exploit code exists and the vendor has not responded to early notification.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-25717 vulnerability details – vuln.today

Back