CVE-2026-42515
Received Received - Intake

Improper Access Control in e-Sushrut API Enables Data Exposure

Vulnerability report for CVE-2026-42515, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-29

Last updated on: 2026-04-29

Assigner: Indian Computer Emergency Response Team (CERT-In)

Description

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-29
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2026-04-29
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the e-Sushrut system due to improper access control in resource access validation.

An authenticated attacker can exploit this by manipulating a parameter in the API request URL to gain unauthorized access to sensitive patient information on the targeted system.

Impact Analysis

The vulnerability allows an attacker with valid authentication to bypass access controls and access sensitive patient information without authorization.

This can lead to exposure of confidential patient data, potentially resulting in privacy breaches and misuse of personal health information.

Compliance Impact

This vulnerability allows an authenticated attacker to gain unauthorized access to sensitive patient information by exploiting improper access control in the e-Sushrut system.

Such unauthorized access to sensitive patient data can lead to violations of data protection regulations and standards such as GDPR and HIPAA, which mandate strict controls on access to personal and health information.

Therefore, this vulnerability negatively impacts compliance with these common standards by exposing protected health information to unauthorized parties.

Executive Summary

This vulnerability exists in the e-Sushrut system due to improper access control in resource access validation.

An authenticated attacker can exploit this vulnerability by manipulating a parameter in the API request URL.

This manipulation allows the attacker to gain unauthorized access to sensitive patient information on the targeted system.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive patient information.

This unauthorized access can compromise patient privacy and potentially lead to misuse of confidential data.

Such a breach can damage trust in the affected healthcare system and may result in legal and financial consequences.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42515. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart