CVE Catalog

CVE-2026-40792

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

In KiviCare versions <= 4.2.1, there is a vulnerability related to Insecure Direct Object References (IDOR) for subscribers.

Risk Assessment

An attacker could gain access to other subscribers' data, leading to privacy breaches and information security issues.

Recommendation

It is recommended to upgrade to the latest version of KiviCare to mitigate this vulnerability.

Original NVD description (English source)

Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS