CVE-2026-6492
Received Received - Intake
Information Disclosure via Health Check Endpoint in arnobt78 Hotel Booking System

Publication date: 2026-04-17

Last updated on: 2026-04-17

Assigner: VulDB

Description
A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-04-17
Generated
2026-06-16
AI Q&A
2026-04-17
EPSS Evaluated
2026-06-14
NVD
CVE-2026-6492
EUVD
EUVD-2026-23434
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the arnobt78 Hotel Booking Management System, specifically in an unknown function within the /api/health/detailed file of the Health Check Endpoint component.

By manipulating this endpoint, an attacker can cause information disclosure, meaning sensitive information may be exposed.

The vulnerability can be exploited remotely, and the exploit code is publicly available.

Impact Analysis

The primary impact of this vulnerability is information disclosure, which means that sensitive or confidential data could be exposed to unauthorized parties.

Since the vulnerability can be exploited remotely without authentication, attackers can access this information without needing prior access or credentials.

This could lead to privacy breaches, loss of trust, or further attacks leveraging the disclosed information.

Compliance Impact

The vulnerability results in information disclosure through the Health Check Endpoint of the arnobt78 Hotel Booking Management System. Such unauthorized information disclosure can potentially impact compliance with data protection regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information.

However, the provided context does not specify the nature or sensitivity of the disclosed information, nor does it explicitly link the vulnerability to any compliance violations or regulatory impacts.

Detection Guidance

This vulnerability involves an information disclosure issue in the /api/health/detailed endpoint of the arnobt78 Hotel Booking Management System. Detection can be attempted by sending crafted requests to this endpoint and observing if sensitive information is disclosed.

A possible command to test this could be using curl to send a request to the endpoint, for example: curl -v http://<target-host>/api/health/detailed

Monitoring network traffic for unusual or unexpected responses from this endpoint may also help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include restricting access to the /api/health/detailed endpoint to trusted users or internal networks only.

Implementing network-level controls such as firewalls or access control lists to limit exposure of this endpoint can reduce risk.

Monitoring for exploit attempts and applying any available patches or updates from the vendor as soon as they become available is recommended.

Since the vendor has not responded and the exploit is public, consider disabling or restricting the health check endpoint if possible until a fix is released.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6492. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart