CVE Catalog
CVE-2026-52698
HighCVSS 7.4Summary
Versions of PushEngage up to 4.2.3 have a vulnerability that allows the exposure of subscriber sensitive data. This issue affects web push notifications and eCommerce automation.
Risk Assessment
The exposure of sensitive subscriber data may lead to privacy violations and loss of customer trust. Organizations may face legal and reputational consequences.
Recommendation
It is recommended to update PushEngage to the latest version to mitigate this vulnerability. Additionally, conduct an audit of subscriber data to assess potential damages.
Original NVD description (English source)
Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions.

