CVE-2026-42517
Received Received - Intake
Insecure Base64 Encoding in e-Sushrut Enables Unauthorized Data Access

Publication date: 2026-04-29

Last updated on: 2026-04-29

Assigner: Indian Computer Emergency Response Team (CERT-In)

Description
This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive information on the targeted system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-29
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-42517
EUVD
EUVD-2026-26203
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability involves the use of reversible Base64 encoding to protect sensitive data, which can be decoded and manipulated by an authenticated attacker to gain unauthorized access to sensitive information.

Such unauthorized access to sensitive data could potentially lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require strong protection of personal and sensitive information.

However, specific impacts on compliance are not detailed in the provided information.

Executive Summary

This vulnerability exists in e-Sushrut because it uses reversible Base64 encoding to protect sensitive data.

An authenticated attacker can exploit this by decoding and manipulating Base64-encoded parameters in the request URL.

This allows the attacker to gain unauthorized access to sensitive information on the targeted system.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive information if an attacker decodes and manipulates Base64-encoded parameters.

This could compromise the confidentiality of sensitive data stored or processed by the e-Sushrut system.

Executive Summary

This vulnerability exists in e-Sushrut because it uses reversible Base64 encoding to protect sensitive data.

An authenticated attacker can exploit this by decoding and manipulating Base64-encoded parameters in the request URL.

This allows the attacker to gain unauthorized access to sensitive information on the targeted system.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive information.

An attacker who is authenticated can decode and manipulate encoded parameters to access data they should not have access to.

This could result in data breaches, loss of confidentiality, and potential misuse of sensitive information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42517. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart