CVE-2026-42516
Status: Received - Intake
Improper Authorization in e-Sushrut Enables Patient Account Access

Publication date: 2026-04-29

Last updated on: 2026-04-29

Assigner: Indian Computer Emergency Response Team (CERT-In)

Description
This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-04-29
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Executive Summary

This vulnerability exists in the e-Sushrut system due to improper authorization checks when accessing resources. An attacker who is already authenticated can exploit this flaw by manipulating encoded parameters in the request URL, which allows them to gain unauthorized access to patient accounts within the system.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive patient accounts, potentially exposing confidential medical information; an attacker could view, and potentially manipulate, private patient information without proper permission. This unauthorized access could result in privacy breaches, data theft, or misuse of patient data, which can harm patients and damage the trustworthiness of the healthcare system.

Compliance Impact

This vulnerability allows an authenticated attacker to gain unauthorized access to patient accounts by exploiting improper authorization checks. Such unauthorized access to sensitive patient information can lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls on access to personal and health-related data.

Specifically, unauthorized access to patient accounts compromises confidentiality and privacy requirements, potentially resulting in non-compliance with these standards and exposing the organization to legal and regulatory penalties.

