CVE Catalog

CVE-2026-7166

CriticalCVSS 9.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

The vulnerability involves the exposure of sensitive data, such as email addresses and phone numbers, without adequate protection. Sensitive information is also accessible in the local database, including data on minors and municipal users.

Risk Assessment

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information, posing a serious threat to user privacy.

Recommendation

It is recommended to implement appropriate data protection mechanisms and restrict access to sensitive information in the API and local database.

Original NVD description (English source)

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS