CVE-2026-42516
Received Received - Intake

Improper Authorization in e-Sushrut Enables Patient Account Access

Vulnerability report for CVE-2026-42516, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-29

Last updated on: 2026-04-29

Assigner: Indian Computer Emergency Response Team (CERT-In)

Description

This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-29
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2026-04-29
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the e-Sushrut system due to improper authorization checks when accessing resources. An attacker who is already authenticated can exploit this flaw by manipulating encoded parameters in the request URL, which allows them to gain unauthorized access to patient accounts within the system.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive patient accounts, potentially exposing confidential medical information. This unauthorized access could result in privacy breaches, data theft, or misuse of patient data, which can harm patients and damage the trustworthiness of the healthcare system.

Compliance Impact

This vulnerability allows an authenticated attacker to gain unauthorized access to patient accounts by exploiting improper authorization checks. Such unauthorized access to sensitive patient information can lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls on access to personal and health-related data.

Specifically, unauthorized access to patient accounts compromises confidentiality and privacy requirements, potentially resulting in non-compliance with these standards and exposing the organization to legal and regulatory penalties.

Executive Summary

This vulnerability exists in the e-Sushrut system due to improper authorization checks when accessing resources. An attacker who is already authenticated can exploit this flaw by manipulating encoded parameters in the request URL, which allows them to gain unauthorized access to patient accounts within the system.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive patient accounts. This means an attacker could view or potentially manipulate private patient information without proper permission, compromising patient privacy and the security of the healthcare system.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42516. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart