CVE-2026-39686
Received Received - Intake
Information Exposure in BSK PDF Manager Allows Sensitive Data Retrieval

Publication date: 2026-04-08

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-39686
EUVD
EUVD-2026-20375
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bannersky bsk_pdf_manager to 3.7.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-39686 is a vulnerability in the WordPress BSK PDF Manager Plugin versions up to and including 3.7.2 that allows unauthenticated attackers to access sensitive information that is normally restricted from regular users.

This issue is classified as Sensitive Data Exposure and falls under the OWASP Top 10 category A3. It requires no privileges to exploit, meaning anyone can potentially retrieve embedded sensitive data from the system.

Impact Analysis

The vulnerability can lead to unauthorized exposure of sensitive system information, which could be leveraged by attackers to further exploit other system weaknesses.

Although the severity is rated as low with a CVSS score of 5.3, it can be used in mass-exploit campaigns targeting many websites regardless of their traffic or popularity.

If exploited, this could compromise the confidentiality of sensitive data and potentially lead to additional security breaches.

Mitigation Strategies

Immediate mitigation involves updating the affected BSK PDF Manager plugin to a version later than 3.7.2.

If updating is not possible, users are advised to seek assistance from their hosting provider or web developer to implement protective measures.

Rapid mitigation is emphasized to protect affected WordPress sites from sensitive data exposure and potential further exploitation.

Compliance Impact

The vulnerability in BSK PDF Manager allows unauthorized access to sensitive information, which can lead to exposure of data that should be protected under regulations such as GDPR and HIPAA.

Exposure of sensitive data can result in non-compliance with these standards, as they require strict controls to prevent unauthorized access to personal or protected health information.

Although the severity is rated as low, the vulnerability falls under the OWASP Top 10 category A3: Sensitive Data Exposure, highlighting the risk of data breaches that could impact regulatory compliance.

Organizations using the affected plugin should prioritize mitigation to avoid potential violations of data protection laws and regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39686. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart