CVE-2026-7167
Received Received - Intake
Email Validation Bypass in Authentication System

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass creation of fraudulent accounts. Successful exploitation of this vulnerability could allow an authenticated attacker to carry out various attacks, such as mass spam distribution, system abuse, or bypassing user controls, thereby compromising the security and integrity of the system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-22
Last Modified
2026-06-22
Generated
2026-06-22
AI Q&A
2026-06-22
EPSS Evaluated
N/A
NVD
CVE-2026-7167
EUVD
EUVD-2026-38237
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs because the system does not properly validate the 'email' field during the authentication process. As a result, it allows unverified or fake email addresses to be accepted.

This flaw enables attackers to create user accounts with fake email addresses, which can lead to the mass creation of fraudulent accounts.

An attacker who successfully exploits this vulnerability could perform various malicious actions such as distributing spam on a large scale, abusing the system, or bypassing user controls, thereby compromising the system's security and integrity.

Impact Analysis

The vulnerability can impact you by allowing attackers to create numerous fake user accounts, which can be used to distribute spam or abuse the system.

It may also enable attackers to bypass user controls, potentially leading to unauthorized actions within the system.

Overall, this compromises the security and integrity of the system, potentially affecting legitimate users and system operations.

Compliance Impact

The vulnerability allows the creation of user accounts with fake or unverified email addresses, which can lead to mass creation of fraudulent accounts and system abuse.

Such exploitation could compromise the security and integrity of the system, potentially impacting compliance with standards and regulations that require accurate user identification and protection of user data, such as GDPR and HIPAA.

However, specific effects on compliance with these regulations are not detailed in the provided information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7167. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart