CVE-2026-41937

🗓️ 14 May 2026 14:30:52Reported by VulnCheckType

Vvveb before version 1.0.8.3 has an unrestricted plugin upload enabling super admin to execute code via a malicious plugin archive.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-41937	14 May 202614:30	–	attackerkb
CNNVD	Vvveb 安全漏洞	14 May 202600:00	–	cnnvd
Cvelist	CVE-2026-41937 Vvveb < 1.0.8.3 Unrestricted File Upload RCE via Plugin Upload	14 May 202614:30	–	cvelist
EUVD	EUVD-2026-30297	14 May 202614:30	–	euvd
NVD	CVE-2026-41937	14 May 202615:16	–	nvd
Positive Technologies	PT-2026-40944	14 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-41937	26 May 202602:12	–	redhatcve
Vulnrichment	CVE-2026-41937 Vvveb < 1.0.8.3 Unrestricted File Upload RCE via Plugin Upload	14 May 202614:30	–	vulnrichment

Vulners

Node

givanz vvvebRange0–1.0.8.3

[
  {
    "defaultStatus": "affected",
    "vendor": "givanz",
    "product": "Vvveb",
    "repo": "https://github.com/givanz/Vvveb",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThan": "1.0.8.3"
      },
      {
        "status": "unaffected",
        "version": "04f0294350ec429e307cd31c2e777a4797c868d6",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
vulncheck	www.vulncheck.com/advisories/vvveb-unrestricted-file-upload-rce-via-plugin-upload
github	www.github.com/givanz/Vvveb/commit/04f0294350ec429e307cd31c2e777a4797c868d6
github	www.github.com/givanz/Vvveb/releases/tag/1.0.8.3

26 May 2026 00:16Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.17.2

CVSS 48.6

EPSS0.00041

SSVC