CVE-2026-42517
Received Received - Intake

Insecure Base64 Encoding in e-Sushrut Enables Unauthorized Data Access

Vulnerability report for CVE-2026-42517, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-29

Last updated on: 2026-04-29

Assigner: Indian Computer Emergency Response Team (CERT-In)

Description

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive information on the targeted system.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-29
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2026-04-30
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability involves the use of reversible Base64 encoding to protect sensitive data, which can be decoded and manipulated by an authenticated attacker to gain unauthorized access to sensitive information.

Such unauthorized access to sensitive data could potentially lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require strong protection of personal and sensitive information.

However, specific impacts on compliance are not detailed in the provided information.

Executive Summary

This vulnerability exists in e-Sushrut because it uses reversible Base64 encoding to protect sensitive data.

An authenticated attacker can exploit this by decoding and manipulating Base64-encoded parameters in the request URL.

This allows the attacker to gain unauthorized access to sensitive information on the targeted system.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive information if an attacker decodes and manipulates Base64-encoded parameters.

This could compromise the confidentiality of sensitive data stored or processed by the e-Sushrut system.

Executive Summary

This vulnerability exists in e-Sushrut because it uses reversible Base64 encoding to protect sensitive data.

An authenticated attacker can exploit this by decoding and manipulating Base64-encoded parameters in the request URL.

This allows the attacker to gain unauthorized access to sensitive information on the targeted system.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive information.

An attacker who is authenticated can decode and manipulate encoded parameters to access data they should not have access to.

This could result in data breaches, loss of confidentiality, and potential misuse of sensitive information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42517. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart