Home

Description

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.

PUBLISHED Reserved 2026-04-27 | Published 2026-06-22 | Updated 2026-06-22 | Assigner INCIBE




CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
unaffected

last version (custom)
affected

Credits

Adrià Bonilla Martin k0x finder

References

www.incibe.es/...tiple-vulnerabilities-assassin-game-gaudire

cve.org (CVE-2026-7166)

nvd.nist.gov (CVE-2026-7166)

Download JSON