CVE-2026-7166
CriticalCVSS 9.2Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
The vulnerability involves the exposure of sensitive data, such as email addresses and phone numbers, without adequate protection. Sensitive information is also accessible in the local database, including data on minors and municipal users.
Risk Assessment
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information, posing a serious threat to user privacy.
Recommendation
It is recommended to implement appropriate data protection mechanisms and restrict access to sensitive information in the API and local database.
Original NVD description (English source)
Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.

