CVE-2026-14162
CriticalCVSS 9.8Summary
A vulnerability in Advantech's Hospital Queuing Management allows unauthenticated remote attackers to access API documentation via a specific URL, leading to sensitive data exposure.
Risk Assessment
The risk involves potential leakage of API technical details, which could be exploited for further attacks, including unauthorized access to patient data and queue configuration.
Recommendation
Immediately restrict access to API documentation through authentication or block public access to sensitive URLs, and update the software to the latest version once a patch is released.
Original NVD description (English source)
Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.

