CVE Catalog
CVE-2026-58419
Exploitation Probability (EPSS)
Low risk: 0.17%
7th percentile, higher than 7% of all known CVEs
Summary
A vulnerability in the Notification API leaks private issue metadata even after user access has been revoked. A user whose permissions were removed can still read issue details such as titles and statuses.
Risk Assessment
The risk involves unauthorized access to confidential issue information, which may violate the organization's security policy and lead to sensitive data leakage.
Recommendation
Immediately update the Notification API to a version that properly validates permissions on every request. In the meantime, restrict API access to trusted users only.
Original NVD description (English source)
Notification API leaks private issue metadata after access revocation

