Ctrl + K
/ news / CVE
CVEPublished 2026-06-06Modified 2026-06-080 articles on news6 live referencesNVD data

CVE-2026-11434

Vulnerability data via NVD (ingested)

CVSS v3.1
2.4
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
EPSS percentile
2
Exploit Prediction Scoring System · top 98% of all CVEs
Weaknesses (CWE)
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-94Improper Control of Generation of Code ('Code Injection')
Description

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Timeline
Published 2026-06-06
Modified 2026-06-08

External references

NVDMITREExploit-DBGitHub PoCSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-11434
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2026-11434
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-11434
Censys host search filtered to this CVE id.
grep.app
CVE-2026-11434
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-11434
GitHub code search for direct mentions.
Google dork
"CVE-2026-11434" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-114348 repos
vxcontrol/pentagiGo
Fully autonomous AI Agents system capable of performing complex penetration testing tasks
★ 17,586·updated 1w ago
alexandreborges/malwoverviewPython
Malwoverview is a first response tool for threat hunting across VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage,…
★ 3,862·updated 6d ago
Tencent/AI-Infra-GuardPython
A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.
★ 3,861·updated today
gadievron/raptorPython
Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security too…
★ 2,904·updated today
NVIDIA/SkillSpectorPython
Security scanner for AI agent skills. Detect vulnerabilities, malicious patterns, and security risks.
★ 1,560·updated 4d ago
adolfousier/opencrabsRust
The self-improving all channels AI agent. Self-healing. Fully autonomous. Single Rust binary.
★ 787·updated today
0xSteph/pentest-aiPython
Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.
★ 660·updated today
OpenOSINT/OpenOSINTPython
AI-powered OSINT agent with interactive REPL, MCP server, and CLI. 16 tools. Works with Claude, GPT-4, or local models. For authorized security research only.
★ 575·updated 1d ago
We haven't classified any articles referencing CVE-2026-11434 yet. The external references above still apply.