CVE-2026-42515
Received Received - Intake
Improper Access Control in e-Sushrut API Enables Data Exposure

Publication date: 2026-04-29

Last updated on: 2026-04-29

Assigner: Indian Computer Emergency Response Team (CERT-In)

Description
This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-29
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-42515
EUVD
EUVD-2026-26198
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the e-Sushrut system due to improper access control in resource access validation.

An authenticated attacker can exploit this by manipulating a parameter in the API request URL to gain unauthorized access to sensitive patient information on the targeted system.

Impact Analysis

The vulnerability allows an attacker with valid authentication to bypass access controls and access sensitive patient information without authorization.

This can lead to exposure of confidential patient data, potentially resulting in privacy breaches and misuse of personal health information.

Compliance Impact

This vulnerability allows an authenticated attacker to gain unauthorized access to sensitive patient information by exploiting improper access control in the e-Sushrut system.

Such unauthorized access to sensitive patient data can lead to violations of data protection regulations and standards such as GDPR and HIPAA, which mandate strict controls on access to personal and health information.

Therefore, this vulnerability negatively impacts compliance with these common standards by exposing protected health information to unauthorized parties.

Executive Summary

This vulnerability exists in the e-Sushrut system due to improper access control in resource access validation.

An authenticated attacker can exploit this vulnerability by manipulating a parameter in the API request URL.

This manipulation allows the attacker to gain unauthorized access to sensitive patient information on the targeted system.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive patient information.

This unauthorized access can compromise patient privacy and potentially lead to misuse of confidential data.

Such a breach can damage trust in the affected healthcare system and may result in legal and financial consequences.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42515. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart