CVE Catalog
CVE-2026-40792
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk0.25%
16th percentile — higher than 16% of all known CVEs
Summary
In KiviCare versions <= 4.2.1, there is a vulnerability related to Insecure Direct Object References (IDOR) for subscribers.
Risk Assessment
An attacker could gain access to other subscribers' data, leading to privacy breaches and information security issues.
Recommendation
It is recommended to upgrade to the latest version of KiviCare to mitigate this vulnerability.
Original NVD description (English source)
Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions.

