CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
CVE-2026-33425 (GCVE-0-2026-33425)
Vulnerability from cvelistv5 – Published: 2026-03-20 23:12 – Updated: 2026-03-23 16:48
VLAI
Title
Discourse has inferable private group membership or existence via exclude_groups parameter
Summary
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the `exclude_groups` parameter. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, disable public access to the user directory via Admin → Settings → hide user profiles from public.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/a… | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33425",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T16:48:37.275664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T16:48:49.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003e= 2026.1.0-latest, \u003c 2026.1.2"
},
{
"status": "affected",
"version": "\u003e= 2026.2.0-latest, \u003c 2026.2.1"
},
{
"status": "affected",
"version": "= 2026.3.0-latest"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the `exclude_groups` parameter. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, disable public access to the user directory via Admin \u2192 Settings \u2192 hide user profiles from public."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T23:12:30.489Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-r6rh-xvf5-r5f2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-r6rh-xvf5-r5f2"
}
],
"source": {
"advisory": "GHSA-r6rh-xvf5-r5f2",
"discovery": "UNKNOWN"
},
"title": "Discourse has inferable private group membership or existence via exclude_groups parameter"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33425",
"datePublished": "2026-03-20T23:12:30.489Z",
"dateReserved": "2026-03-19T18:45:22.433Z",
"dateUpdated": "2026-03-23T16:48:49.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33429 (GCVE-0-2026-33429)
Vulnerability from cvelistv5 – Published: 2026-03-24 18:16 – Updated: 2026-03-25 13:34
VLAI
Title
Parse Server: Protected field change detection oracle via LiveQuery watch parameter
Summary
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.54 and 9.6.0-alpha.43, an attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped from event payloads, the presence or absence of update events reveals whether the protected field changed, creating a binary oracle. For boolean protected fields, the timing of change events is equivalent to knowing the field value. This issue has been patched in versions 8.6.54 and 9.6.0-alpha.43.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/parse-community/parse-server/s… | x_refsource_CONFIRM |
| https://github.com/parse-community/parse-server/p… | x_refsource_MISC |
| https://github.com/parse-community/parse-server/p… | x_refsource_MISC |
| https://github.com/parse-community/parse-server/c… | x_refsource_MISC |
| https://github.com/parse-community/parse-server/c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| parse-community | parse-server |
Affected:
< 8.6.54
Affected: >= 9.0.0, < 9.6.0-alpha.43 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:33:05.574869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:34:05.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "parse-server",
"vendor": "parse-community",
"versions": [
{
"status": "affected",
"version": "\u003c 8.6.54"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.6.0-alpha.43"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.54 and 9.6.0-alpha.43, an attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped from event payloads, the presence or absence of update events reveals whether the protected field changed, creating a binary oracle. For boolean protected fields, the timing of change events is equivalent to knowing the field value. This issue has been patched in versions 8.6.54 and 9.6.0-alpha.43."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T18:16:35.414Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-qpc3-fg4j-8hgm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-qpc3-fg4j-8hgm"
},
{
"name": "https://github.com/parse-community/parse-server/pull/10253",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/pull/10253"
},
{
"name": "https://github.com/parse-community/parse-server/pull/10254",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/pull/10254"
},
{
"name": "https://github.com/parse-community/parse-server/commit/0c0a0a5a37ca821d2553119f2cb3be35322eda4b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/commit/0c0a0a5a37ca821d2553119f2cb3be35322eda4b"
},
{
"name": "https://github.com/parse-community/parse-server/commit/c62eacaf38de86913f09240583448360b1cc8e67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/parse-community/parse-server/commit/c62eacaf38de86913f09240583448360b1cc8e67"
}
],
"source": {
"advisory": "GHSA-qpc3-fg4j-8hgm",
"discovery": "UNKNOWN"
},
"title": "Parse Server: Protected field change detection oracle via LiveQuery watch parameter"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33429",
"datePublished": "2026-03-24T18:16:35.414Z",
"dateReserved": "2026-03-19T18:45:22.434Z",
"dateUpdated": "2026-03-25T13:34:05.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3579 (GCVE-0-2026-3579)
Vulnerability from cvelistv5 – Published: 2026-03-19 19:37 – Updated: 2026-03-24 01:36
VLAI
Title
Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I
Summary
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
1 reference
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T01:36:44.385748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T01:36:54.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"RISC-V RV32I (No M-Extension)"
],
"product": "wolfSSL",
"vendor": "wolfSSL",
"versions": [
{
"lessThan": "5.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wind Wong"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ewolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.\u003c/p\u003e"
}
],
"value": "wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-19T19:37:23.642Z",
"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
"shortName": "wolfSSL"
},
"references": [
{
"url": "https://github.com/wolfSSL/wolfssl/pull/9855"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
"assignerShortName": "wolfSSL",
"cveId": "CVE-2026-3579",
"datePublished": "2026-03-19T19:37:23.642Z",
"dateReserved": "2026-03-05T00:16:14.629Z",
"dateUpdated": "2026-03-24T01:36:54.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3580 (GCVE-0-2026-3580)
Vulnerability from cvelistv5 – Published: 2026-03-19 19:46 – Updated: 2026-03-19 20:25
VLAI
Title
Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V
Summary
In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
1 reference
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-19T20:25:11.122057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-19T20:25:20.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"RISC-V"
],
"product": "wolfSSL",
"vendor": "wolfSSL",
"versions": [
{
"lessThan": "5.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wind Wong"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis."
}
],
"value": "In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-19T19:46:58.783Z",
"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
"shortName": "wolfSSL"
},
"references": [
{
"url": "https://github.com/wolfSSL/wolfssl/pull/9855"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
"assignerShortName": "wolfSSL",
"cveId": "CVE-2026-3580",
"datePublished": "2026-03-19T19:46:58.783Z",
"dateReserved": "2026-03-05T00:16:16.057Z",
"dateUpdated": "2026-03-19T20:25:20.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4040 (GCVE-0-2026-4040)
Vulnerability from cvelistv5 – Published: 2026-03-12 12:02 – Updated: 2026-03-12 13:08 X_Open Source
VLAI
Title
OpenClaw File Existence tools.exec.safeBins information exposure
Summary
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.350652 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.350652 | signaturepermissions-required |
| https://vuldb.com/?submit.769581 | third-party-advisory |
| https://github.com/openclaw/openclaw/security/adv… | related |
| https://github.com/openclaw/openclaw/commit/bafdb… | patch |
| https://github.com/openclaw/openclaw/releases/tag… | patch |
| https://github.com/openclaw/openclaw/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OpenClaw |
Affected:
2026.2.0
Affected: 2026.2.1 Affected: 2026.2.2 Affected: 2026.2.3 Affected: 2026.2.4 Affected: 2026.2.5 Affected: 2026.2.6 Affected: 2026.2.7 Affected: 2026.2.8 Affected: 2026.2.9 Affected: 2026.2.10 Affected: 2026.2.11 Affected: 2026.2.12 Affected: 2026.2.13 Affected: 2026.2.14 Affected: 2026.2.15 Affected: 2026.2.16 Affected: 2026.2.17 Unaffected: 2026.2.19-beta.1 cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T13:08:04.596893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T13:08:57.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*"
],
"modules": [
"File Existence Handler"
],
"product": "OpenClaw",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2026.2.0"
},
{
"status": "affected",
"version": "2026.2.1"
},
{
"status": "affected",
"version": "2026.2.2"
},
{
"status": "affected",
"version": "2026.2.3"
},
{
"status": "affected",
"version": "2026.2.4"
},
{
"status": "affected",
"version": "2026.2.5"
},
{
"status": "affected",
"version": "2026.2.6"
},
{
"status": "affected",
"version": "2026.2.7"
},
{
"status": "affected",
"version": "2026.2.8"
},
{
"status": "affected",
"version": "2026.2.9"
},
{
"status": "affected",
"version": "2026.2.10"
},
{
"status": "affected",
"version": "2026.2.11"
},
{
"status": "affected",
"version": "2026.2.12"
},
{
"status": "affected",
"version": "2026.2.13"
},
{
"status": "affected",
"version": "2026.2.14"
},
{
"status": "affected",
"version": "2026.2.15"
},
{
"status": "affected",
"version": "2026.2.16"
},
{
"status": "affected",
"version": "2026.2.17"
},
{
"status": "unaffected",
"version": "2026.2.19-beta.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nedlir (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version 2026.2.19-beta.1 is capable of addressing this issue. The identifier of the patch is bafdbb6f112409a65decd3d4e7350fbd637c7754. Upgrading the affected component is advised."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T12:02:14.140Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-350652 | OpenClaw File Existence tools.exec.safeBins information exposure",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.350652"
},
{
"name": "VDB-350652 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.350652"
},
{
"name": "Submit #769581 | openclaw 2026.2.17 Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769581"
},
{
"tags": [
"related"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6c9j-x93c-rw6j"
},
{
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/bafdbb6f112409a65decd3d4e7350fbd637c7754"
},
{
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.19-beta.1"
},
{
"tags": [
"product"
],
"url": "https://github.com/openclaw/openclaw/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-03-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-12T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-12T07:51:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "OpenClaw File Existence tools.exec.safeBins information exposure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4040",
"datePublished": "2026-03-12T12:02:14.140Z",
"dateReserved": "2026-03-12T06:46:15.510Z",
"dateUpdated": "2026-03-12T13:08:57.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4045 (GCVE-0-2026-4045)
Vulnerability from cvelistv5 – Published: 2026-03-12 16:02 – Updated: 2026-03-12 16:51
VLAI
Title
projectsend Auth.php response discrepancy
Summary
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldap_email can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is said to be difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.350657 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.350657 | signaturepermissions-required |
| https://vuldb.com/?submit.769577 | third-party-advisory |
| https://drive.google.com/file/d/1TNwWNTcra2ykx0yX… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | projectsend |
Affected:
r1945
cpe:2.3:a:projectsend:projectsend:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4045",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T16:50:51.605614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:51:30.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:projectsend:projectsend:*:*:*:*:*:*:*:*"
],
"product": "projectsend",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "r1945"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "0xNayel (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldap_email can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is said to be difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:02:07.726Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-350657 | projectsend Auth.php response discrepancy",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.350657"
},
{
"name": "VDB-350657 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.350657"
},
{
"name": "Submit #769577 | projectsend 35dfd6f08f7d517709c77ee73e57367141107e6b LDAP Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769577"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1TNwWNTcra2ykx0yXpATPmsPgJxIxOrWb/view?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-12T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-12T10:13:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "projectsend Auth.php response discrepancy"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4045",
"datePublished": "2026-03-12T16:02:07.726Z",
"dateReserved": "2026-03-12T09:07:46.937Z",
"dateUpdated": "2026-03-12T16:51:30.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44263 (GCVE-0-2026-44263)
Vulnerability from cvelistv5 – Published: 2026-05-07 13:42 – Updated: 2026-05-07 15:02
VLAI
Title
Weblate: Private Translation Enumeration via Screenshot API
Summary
Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/WeblateOrg/weblate/security/ad… | x_refsource_CONFIRM |
| https://github.com/WeblateOrg/weblate/pull/19258 | x_refsource_MISC |
| https://github.com/WeblateOrg/weblate/commit/6cf8… | x_refsource_MISC |
| https://github.com/WeblateOrg/weblate/releases/ta… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WeblateOrg | weblate |
Affected:
< 5.17.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T14:59:57.321636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:02:08.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "weblate",
"vendor": "WeblateOrg",
"versions": [
{
"status": "affected",
"version": "\u003c 5.17.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:42:46.706Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gcg5-86jr-f7jg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WeblateOrg/weblate/security/advisories/GHSA-gcg5-86jr-f7jg"
},
{
"name": "https://github.com/WeblateOrg/weblate/pull/19258",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/weblate/pull/19258"
},
{
"name": "https://github.com/WeblateOrg/weblate/commit/6cf892c7bd50b667a65a99d716a90694f7d9f203",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/weblate/commit/6cf892c7bd50b667a65a99d716a90694f7d9f203"
},
{
"name": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.17.1"
}
],
"source": {
"advisory": "GHSA-gcg5-86jr-f7jg",
"discovery": "UNKNOWN"
},
"title": "Weblate: Private Translation Enumeration via Screenshot API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44263",
"datePublished": "2026-05-07T13:42:46.706Z",
"dateReserved": "2026-05-05T16:33:55.844Z",
"dateUpdated": "2026-05-07T15:02:08.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45294 (GCVE-0-2026-45294)
Vulnerability from cvelistv5 – Published: 2026-05-29 19:52 – Updated: 2026-06-02 01:56
VLAI
Title
FreeScout: User Account Enumeration via Password Reset Response Differentiation
Summary
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerate valid helpdesk agent email addresses. This vulnerability is fixed in 1.8.219.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/freescout-help-desk/freescout/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| freescout-help-desk | freescout |
Affected:
< 1.8.219
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45294",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T01:55:58.005065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T01:56:24.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-jvmv-2qcp-7855"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "freescout",
"vendor": "freescout-help-desk",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.219"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeScout is a free help desk and shared inbox built with PHP\u0027s Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerate valid helpdesk agent email addresses. This vulnerability is fixed in 1.8.219."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T19:52:22.535Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-jvmv-2qcp-7855",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-jvmv-2qcp-7855"
}
],
"source": {
"advisory": "GHSA-jvmv-2qcp-7855",
"discovery": "UNKNOWN"
},
"title": "FreeScout: User Account Enumeration via Password Reset Response Differentiation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45294",
"datePublished": "2026-05-29T19:52:22.535Z",
"dateReserved": "2026-05-11T20:14:43.201Z",
"dateUpdated": "2026-06-02T01:56:24.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45410 (GCVE-0-2026-45410)
Vulnerability from cvelistv5 – Published: 2026-05-28 21:23 – Updated: 2026-05-29 14:46
VLAI
Title
Time-based user enumeration in TREK authentication endpoint
Summary
TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before returning a 401 Unauthorized, adding ~370 ms of latency. When the email did not exist, the backend returned immediately (~10 ms). This ~14× timing difference could be detected without any difference in HTTP status codes or response bodies. This vulnerability is fixed in 3.0.18.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/mauriceboe/TREK/security/advis… | x_refsource_CONFIRM |
| https://gist.github.com/jubnl/c2402adf85d946c1730… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mauriceboe | TREK |
Affected:
< 3.0.18
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45410",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T14:46:27.011976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T14:46:58.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/mauriceboe/TREK/security/advisories/GHSA-3552-3c98-x79r"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TREK",
"vendor": "mauriceboe",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password comparison before returning a 401 Unauthorized, adding ~370 ms of latency. When the email did not exist, the backend returned immediately (~10 ms). This ~14\u00d7 timing difference could be detected without any difference in HTTP status codes or response bodies. This vulnerability is fixed in 3.0.18."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T21:23:01.431Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mauriceboe/TREK/security/advisories/GHSA-3552-3c98-x79r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mauriceboe/TREK/security/advisories/GHSA-3552-3c98-x79r"
},
{
"name": "https://gist.github.com/jubnl/c2402adf85d946c1730867aeecc794de",
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/jubnl/c2402adf85d946c1730867aeecc794de"
}
],
"source": {
"advisory": "GHSA-3552-3c98-x79r",
"discovery": "UNKNOWN"
},
"title": "Time-based user enumeration in TREK authentication endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45410",
"datePublished": "2026-05-28T21:23:01.431Z",
"dateReserved": "2026-05-12T01:48:40.452Z",
"dateUpdated": "2026-05-29T14:46:58.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8242 (GCVE-0-2026-8242)
Vulnerability from cvelistv5 – Published: 2026-05-10 08:15 – Updated: 2026-05-11 17:31
VLAI
Title
Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy
Summary
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/362458 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/362458/cti | signaturepermissions-required |
| https://vuldb.com/submit/808295 | third-party-advisory |
| https://hawktrace.com/blog/caniaserp | related |
| https://gist.github.com/0xb1lal/85422a63c10a001c7… | broken-linkexploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Industrial Application Software IAS | Canias ERP |
Affected:
8.03
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T15:58:49.217937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T17:31:39.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Login RMI Interface"
],
"product": "Canias ERP",
"vendor": "Industrial Application Software IAS",
"versions": [
{
"status": "affected",
"version": "8.03"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bilal G\u00fcne\u015f (HawkTrace)"
},
{
"lang": "en",
"type": "reporter",
"value": "b1lal (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "b1lal (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:10:02.762Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-362458 | Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/362458"
},
{
"name": "VDB-362458 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/362458/cti"
},
{
"name": "Submit #808295 | Industrial Application Software - IAS Canias ERP 8.03-- Observable Response Discrepancy (CWE-204)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/808295"
},
{
"tags": [
"related"
],
"url": "https://hawktrace.com/blog/caniaserp"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://gist.github.com/0xb1lal/85422a63c10a001c75a22365457de624"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-11T15:11:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8242",
"datePublished": "2026-05-10T08:15:08.901Z",
"dateReserved": "2026-05-09T16:33:13.131Z",
"dateUpdated": "2026-05-11T17:31:39.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation ID: MIT-39
Phase: Implementation
Description:
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.