What is CVE-2026-5615?

CVE-2026-5615 is a medium-severity vulnerability in Givanz Vvvebjs, classified under Cross-site Scripting. CVSS score: 4.3/10. Published 2026-04-06.

How severe is CVE-2026-5615?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Is CVE-2026-5615 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Givanz Vvvebjs

CVE-2026-5615

A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross si…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.015 (81.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N.

Affected products

Givanz Vvvebjs — versions 2.0.0, 2.0.1, 2.0.2

Weakness classification (CWE)

Public proof-of-concept exploits

sahmsec/CVE-2026-5615

References

VDB-355406 | givanz Vvvebjs File Upload Endpoint upload.php cross site scripting (technical-description, vdb-entry)
VDB-355406 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #785563 | givanz VvvebJs 2.0.5 Stored XSS (third-party-advisory)
cna@vuldb.com (exploit)
cna@vuldb.com (patch)
cna@vuldb.com (product)

Frequently asked questions

What is CVE-2026-5615?: CVE-2026-5615 is a medium-severity vulnerability in Givanz Vvvebjs, classified under Cross-site Scripting. CVSS score: 4.3/10. Published 2026-04-06.
How severe is CVE-2026-5615?: Medium severity. CVSS v3 base score is 4.3 out of 10.
Is CVE-2026-5615 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.