CVE Catalog

CVE-2026-40793

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

19th percentile — higher than 19% of all known CVEs

Summary

Versions of Groundhogg below 4.4.1 have a broken access control issue for subscribers, potentially allowing unauthorized access to data.

Risk Assessment

Organizations may be exposed to data leaks of subscribers and other unauthorized actions, which could impact their reputation and regulatory compliance.

Recommendation

It is recommended to update Groundhogg to version 4.4.1 or later to mitigate this vulnerability.

Original NVD description (English source)

Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS