Is there a public PoC exploit available for EUVD-2026-26913?

Yes, a public proof-of-concept exploit is available for EUVD-2026-26913. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for EUVD-2026-26913?

Yes, a patch is available for EUVD-2026-26913. Update the affected software to the latest version immediately.

funadmin EUVD-2026-26913

Q: What is the CVSS score of EUVD-2026-26913?

EUVD-2026-26913 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-7733 MEDIUM

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-05-04 VulDB

PHP File Upload

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 04, 2026 - 06:30 vuln.today

Severity Changed

May 04, 2026 - 06:22 NVD

HIGH MEDIUM

CVSS changed

May 04, 2026 - 06:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

PoC Detected

May 04, 2026 - 06:16 vuln.today

Public exploit code

EUVD ID Assigned

May 04, 2026 - 06:00 euvd

EUVD-2026-26913

Analysis Generated

May 04, 2026 - 06:00 vuln.today

Patch released

May 04, 2026 - 06:00 nvd

Patch available

CVE Published

May 04, 2026 - 04:45 nvd

MEDIUM 5.5

DescriptionNVD

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 59. To fix this issue, it is recommended to deploy a patch.

AnalysisAI

Unrestricted file upload in funadmin up to version 7.1.0-rc6 allows remote attackers to upload arbitrary files via the Frontend Chunked Upload Endpoint (UploadService::chunkUpload function). The vulnerability stems from insufficient validation of the File parameter and can be exploited without authentication; publicly available exploit code exists and a patch (PR #59) has been released by the vendor.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-26913 vulnerability details – vuln.today

Back

funadmin EUVD-2026-26913

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

funadmin EUVD-2026-26913

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code