CVE Catalog

CVE-2026-52698

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Summary

Versions of PushEngage up to 4.2.3 have a vulnerability that allows the exposure of subscriber sensitive data. This issue affects web push notifications and eCommerce automation.

Risk Assessment

The exposure of sensitive subscriber data may lead to privacy violations and loss of customer trust. Organizations may face legal and reputational consequences.

Recommendation

It is recommended to update PushEngage to the latest version to mitigate this vulnerability. Additionally, conduct an audit of subscriber data to assess potential damages.

Original NVD description (English source)

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation &amp; Chat Widget <= 4.2.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS