Description
The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov exposes an API endpoint that returns court reminder records containing potentially sensitive information without authentication.
Problem types
CWE-306 Missing Authentication for Critical Function
Product status
Any version before 2026-04-28
2026-04-28
Credits
Aditya (Haza), Meta4Sec
References
www.hrs.courts.ca.gov (url)
raw.githubusercontent.com/...IT/white/2026/va-26-190-02.json (url)
www.cve.org/CVERecord?id=CVE-2026-61344 (url)