CVE-2026-13007
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users.
Risk Assessment
The organization is at risk of exposing sensitive data, which could lead to unauthorized access to systems and breaches of user privacy. Attackers may leverage this information to conduct further attacks.
Recommendation
It is recommended to secure the API endpoints by implementing authentication and restricting access to sensitive data. Additionally, configure response headers to prevent caching of sensitive information by proxy servers and CDNs.
Original NVD description (English source)
Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users even after authentication is applied.

