CVE-2026-1365
Received
Received - Intake
Insertion of Sensitive Information into Sent Data in OSOS Allows Authentication Bypass
Vulnerability report for CVE-2026-1365, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-09
Last updated on: 2026-07-09
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass.
This issue affects OSOS: through 09072026.Β NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sayax_energy_technologies_inc | osos | to 09072026 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |