PT-2026-38585 · Vvveb · Vvveb
Basant Kumar
+2
·
Published
2026-05-07
·
Updated
2026-05-10
·
CVE-2026-41928
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Vvveb versions prior to 1.0.8.2
Description
An information disclosure issue exists in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. By accessing the cron controller without authentication, an attacker can obtain the exposed secret key from the response, which enables the triggering of scheduled task execution outside of the intended schedule.
Recommendations
Update to version 1.0.8.2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vvveb