CVE-2026-61344
Received Received - Intake

Unauthenticated Access to Court Reminder Records in Superior Court of California Hearing Reminder Service

Vulnerability report for CVE-2026-61344, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government

Description

The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov exposes an API endpoint that returns court reminder records containing potentially sensitive information without authentication.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

Immediate mitigation steps include restricting access to the API endpoint by implementing proper authentication and authorization controls to ensure that sensitive court reminder records are not accessible without valid credentials.

Additionally, reviewing and updating the API configuration to prevent unauthenticated access and monitoring access logs for suspicious activity are recommended.

Executive Summary

The vulnerability involves the Superior Court of California Hearing Reminder Service exposing an API endpoint that returns court reminder records containing potentially sensitive information without requiring any authentication.

Impact Analysis

Because the API endpoint exposes sensitive court reminder records without authentication, unauthorized parties could access personal or sensitive information. This could lead to privacy violations, identity exposure, or misuse of the information contained in the court reminders.

Compliance Impact

Exposing sensitive information without authentication can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require protecting personal and sensitive data from unauthorized access.

Detection Guidance

This vulnerability involves an API endpoint at https://www.hrs.courts.ca.gov that returns court reminder records without requiring authentication. To detect this vulnerability on your network or system, you can attempt to access the API endpoint and observe if sensitive information is returned without authentication.

A possible command to test this could be using curl to send a request to the endpoint and check the response for sensitive data exposure:

  • curl -v https://www.hrs.courts.ca.gov/api/reminders

If the response contains sensitive court reminder records without requiring authentication, the vulnerability is present.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61344. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart