CVE Catalog

CVE-2026-39518

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

19th percentile - higher than 19% of all known CVEs

Summary

Versions of EventPrime <= 4.3.0.0 have a vulnerability related to Insecure Direct Object References (IDOR). This allows subscribers to access data they should not have permission to.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive data, potentially leading to privacy breaches and loss of customer trust.

Recommendation

It is recommended to upgrade to the latest version of EventPrime to mitigate this vulnerability and implement appropriate access controls.

Original NVD description (English source)

Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS