CVE-2026-14161
Received Received - Intake

Sensitive Data Exposure in Advantech Hospital Quening Management

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: TWCERT/CC

Description
Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-30
Last Modified
2026-06-30
Generated
2026-06-30
AI Q&A
2026-06-30
EPSS Evaluated
N/A
NVD
CVE-2026-14161
EUVD
EUVD-2026-40286

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
advantech hospital_queuing_management to 1.2.13 (exc)
advantech queuehttp to 1.2.12.7 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-14161 is a high-severity vulnerability in Advantech's Hospital Queuing Management (HQM) software versions prior to 1.2.13. It involves sensitive data exposure where unauthenticated remote attackers can access a specific URL to retrieve API documentation.

The vulnerability does not require any user interaction or privileges to exploit, making it accessible over the network.

Impact Analysis

This vulnerability allows unauthenticated remote attackers to access sensitive API documentation, which could potentially expose internal system details.

Exposure of such information may aid attackers in crafting further attacks against the system or gaining unauthorized access to other parts of the network.

Detection Guidance

This vulnerability involves unauthenticated remote access to a specific URL that exposes API documentation in Advantech's Hospital Queuing Management (HQM) software. Detection can be performed by attempting to access the known vulnerable URL on the target system to see if the API documentation is accessible without authentication.

A possible detection method is to use network scanning or HTTP request tools such as curl or wget to query the suspected URL endpoint on the HQM server.

  • curl -I http://<target-ip-or-hostname>/<specific-vulnerable-url>
  • wget --spider http://<target-ip-or-hostname>/<specific-vulnerable-url>

If the API documentation is returned without authentication, the system is vulnerable.

Mitigation Strategies

The recommended immediate mitigation steps are to update the affected software components to versions that have fixed the vulnerability.

  • Update Advantech Hospital Queuing Management (HQM) ISO to version 1.2.13 or later.
  • Alternatively, update the QueueHttp.dll file to version 1.2.12.7 or later.

These updates prevent unauthenticated remote attackers from accessing sensitive API documentation.

Compliance Impact

The vulnerability involves sensitive data exposure through unauthenticated remote access to API documentation in Advantech's Hospital Queuing Management software. Such exposure of sensitive data could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information from unauthorized access.

However, the provided information does not explicitly describe the direct effects on compliance with these standards or regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14161. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart