CVE-2026-7166
Deferred Deferred - Pending Action

Sensitive Data Exposure in API and Local Database

Vulnerability report for CVE-2026-7166, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-22
Last Modified
2026-06-22
Generated
2026-07-13
AI Q&A
2026-06-22
EPSS Evaluated
2026-07-11
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
gaudire assassin *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the exposure of sensitive data without adequate protection. Specifically, an API exposes email and phone number data from the 'email' and 'telefon' fields. Additionally, the local database contains accessible sensitive information, including data on minors and municipal users. An unauthenticated remote attacker could exploit this vulnerability to gain access to this sensitive information.

Impact Analysis

The impact of this vulnerability is significant because it allows an unauthenticated remote attacker to access sensitive personal information such as emails, phone numbers, and data related to minors and municipal users. This exposure can lead to privacy violations, identity theft, targeted attacks, and potential misuse of the exposed data.

Compliance Impact

This vulnerability involves the exposure of sensitive personal data such as email addresses, phone numbers, and information about minors and municipal users without adequate protection.

Such exposure of sensitive data could lead to non-compliance with common data protection standards and regulations like GDPR and HIPAA, which require the protection of personal and sensitive information from unauthorized access.

Failure to protect this data adequately may result in violations of these regulations, potentially leading to legal penalties, loss of trust, and other compliance-related consequences.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7166. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart