CVE-2026-7071

MEDIUM

CodeAstro Online Job Portal user-cvs file information disclosure

Title source: cna
STIX 2.1

Description

A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Exploits (1)

nomisec WRITEUP
by Xmyronn · poc
https://github.com/Xmyronn/CVE-2026-7071-access-Control

References (5)

Scores

CVSS v3 5.3
EPSS 0.0003
EPSS Percentile 8.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-200 CWE-538
Status published
Products (1)
CodeAstro/Online Job Portal 1.0
Published Apr 27, 2026
Tracked Since Apr 27, 2026