CVE-2026-39918 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 20, 2026
Vvveb - Remote Code Execution
Overview
Vvveb < 1.0.8.1 contains a code injection vulnerability caused by an unsanitized subdir POST parameter in the installation endpoint, which lets unauthenticated attackers execute arbitrary PHP code remotely as the web server user.
Severity & Score
Impact
Unauthenticated attackers can execute arbitrary PHP code remotely, potentially leading to full server compromise.
Mitigation
Update to version 1.0.8.1 or later.
References
Social Media Activity (3 posts)
CRITICAL: CVE-2026-39918 in givanz Vvveb <1.0.8.1 allows unauth RCE via code injection in the installation endpoint (unsanitized subdir param). Restrict access, monitor for updates, and deploy WAF rules. https://radar.offseq.com/threat/cve-2026-39918-cwe-94-improper-control-of-generati-40adcadb #OffSeq #Vulnerability #RCE #PHP
CVE-2026-39918 - Critical (9.8) Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary ... https://www.thehackerwire.com/vulnerability/CVE-2026-39918/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Related Resources
Details
- CVE ID: CVE-2026-39918
- Severity: Critical
- CVSS Score: 9.8
- Type: command_injection
- Status: rejected
- EPSS: 21.8%
- Social Posts: 3
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H