CVE-2024-26478
Information Disclosure in Statping-ng 0.91.0 via /api/users Endpoint
Publication date: 2026-02-11
Last updated on: 2026-02-26
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| statping-ng | statping-ng | 0.91.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Statping-ng version 0.91.0 and allows an attacker to obtain sensitive information by sending a specially crafted request to the /api/users endpoint.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can gain access to sensitive information from the application, which could lead to unauthorized data exposure or further exploitation depending on the nature of the information obtained.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted requests to the /api/users endpoint of Statping-ng v0.91.0 and observing if sensitive information is returned.
A possible command to test this could be using curl to send a request to the vulnerable endpoint, for example:
- curl -v http://<target-ip-or-domain>/api/users
If the response contains sensitive user information without proper authorization, the system is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
I don't know