CVE-2026-50213
Account Enumeration via Predictable User IDs in Application
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639
Description
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the account validation endpoint /v1/User/validate, which returns detailed user profile data sheets. An attacker can exploit this by iterating through predictable identification strings to crawl and collect comprehensive user information.
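A defender-side check for the crawl pattern described above, as an added example that is not part of the original advisory: it scans access logs for clients that request many consecutive identifiers from /v1/User/validate within a short window. The log line format, the `id` query parameter, the `U<number>` identifier shape and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

ENDPOINT = "/v1/User/validate"  # path named in the advisory
# Assumed log format: "<epoch> <client> GET <path>?id=<identifier> <status>"
LINE_RE = re.compile(
    r"^(\d+) (\S+) GET " + re.escape(ENDPOINT) + r"\?id=\D*(\d+) \d{3}$"
)

def build_sample_log():
    """Constructed lines: one sequential crawler and two ordinary clients."""
    crawler = [
        f"{1780000000 + i} 203.0.113.7 GET {ENDPOINT}?id=U{100041 + i} 200"
        for i in range(12)
    ]
    normal = [
        f"1780000003 198.51.100.20 GET {ENDPOINT}?id=U100777 200",
        f"1780000300 198.51.100.20 GET {ENDPOINT}?id=U100777 200",
        f"1780000005 198.51.100.21 GET {ENDPOINT}?id=U204411 200",
        f"1780000090 198.51.100.21 GET {ENDPOINT}?id=U100003 404",
    ]
    return crawler + normal

def find_enumerators(lines, window=60, min_distinct=10, min_seq_ratio=0.8):
    """Return {client: distinct_ids} for clients walking consecutive IDs."""
    per_client = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # keep (timestamp, numeric part of the identifier)
            per_client[m.group(2)].append((int(m.group(1)), int(m.group(3))))
    flagged = {}
    for client, hits in per_client.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window until it spans at most `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ids = sorted({uid for _, uid in hits[start:end + 1]})
            if len(ids) < min_distinct:
                continue
            # Fraction of neighbouring IDs that differ by exactly one.
            steps = sum(1 for a, b in zip(ids, ids[1:]) if b - a == 1)
            if steps / max(len(ids) - 1, 1) >= min_seq_ratio:
                flagged[client] = max(flagged.get(client, 0), len(ids))
    return flagged

if __name__ == "__main__":
    print(find_enumerators(build_sample_log()))
```

A crawler that paces its requests or spreads them across clients stays under these thresholds, so the check complements access control on the endpoint and non-guessable identifiers rather than replacing them.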
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to extensive user profile data, potentially exposing sensitive personal information. This can result in privacy breaches, identity theft, and other malicious activities due to the ease of crawling user data without authentication.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows the account validation endpoint to return comprehensive user profile data sheets that can be accessed by iterating predictable identification strings. This exposure of detailed user data without proper access controls can lead to unauthorized data disclosure.
Such unauthorized disclosure of personal data can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls on personal data access and processing to protect user privacy and ensure data security.