CVE Catalog

CVE-2026-49066

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile - higher than 22% of all known CVEs

Summary

The Conekta Payment Gateway versions up to 6.0.0 have a vulnerability that allows unauthenticated access to sensitive data.

Risk Assessment

Organizations may be exposed to the leakage of personal or financial data, which can lead to serious legal and reputational consequences.

Recommendation

It is recommended to update the Conekta Payment Gateway to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS