CVE-2026-7595
Code Injection in NextLevelBuilder UI-UX-Pro-Max-Skill
Publication date: 2026-05-01
Last updated on: 2026-05-05
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nextlevelbuilder | ui-ux-pro-max-skill | up to and including 2.5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the nextlevelbuilder ui-ux-pro-max-skill software up to version 2.5.0. It exists in the _format_plugins function within the Tailwind Config Generator component, specifically in the file .claude/skills/ui-styling/scripts/tailwind_config_gen.py. The flaw allows an attacker to perform code injection remotely, meaning malicious code can be inserted and executed through this vulnerability.
The vulnerability has been publicly disclosed and an exploit is available, but the project maintainers have not yet addressed the issue.
How can this vulnerability impact me?
This vulnerability can impact you by allowing a remote attacker to inject and execute arbitrary code within the affected software. This could lead to unauthorized actions such as data manipulation, system compromise, or disruption of service depending on the privileges of the affected component.