PT-2026-36547 · Nextlevelbuilder · Ui-Ux-Pro-Max-Skill

Yu-Bao

Published

2026-05-01

Updated

2026-05-05

CVE-2026-7595

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1

Description A flaw in the Tailwind Config Generator component allows remote code injection. The issue exists within the format plugins() function located in the .claude/skills/ui-styling/scripts/tailwind config gen.py file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the format plugins() function within the Tailwind Config Generator component.

Exploit

Special Elements Injection

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-94

Related Identifiers

CVE-2026-7595

Affected Products

Ui-Ux-Pro-Max-Skill

PT-2026-36547 · Nextlevelbuilder · Ui-Ux-Pro-Max-Skill

CVE-2026-7595

Weakness Enumeration

Related Identifiers

Affected Products

References · 10