CVE Catalog

CVE-2026-49064

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

15th percentile — higher than 15% of all known CVEs

Summary

The Stiofan GetPaid vulnerability involves the insertion of sensitive information into sent data, allowing for the retrieval of that data later.

Risk Assessment

Organizations may be exposed to the disclosure of sensitive data, potentially leading to privacy breaches and loss of customer trust.

Recommendation

It is recommended to update to the latest version of GetPaid to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS