CVE-2026-6280
Received
Received - Intake
Sensitive Information Exposure in Nomysem Due to Improper ACL Constraints
Vulnerability report for CVE-2026-6280, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-08
Last updated on: 2026-07-08
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Nomysem: through 08072026.Β NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nomysoft | nomysem | to 08072026 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-213 | The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed. |