Medium severity5.3NVD Advisory· Published May 7, 2026· Updated May 8, 2026

CVE-2026-41928

Description

Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response, enabling them to trigger scheduled task execution outside of the intended schedule.

Affected products

Givanz/Vvvebreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/givanz/Vvveb/commit/517bc09faf44136e72de391aacc8b90a706f7ae7nvd
www.vulncheck.com/advisories/vvveb-information-disclosure-via-cron-controllernvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000