CVE-2026-7166
Severity CVSS v4.0:
CRITICAL
Type:
CWE-200
Information Leak / Disclosure
Publication date:
22/06/2026
Last modified:
22/06/2026
Description
Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.
Impact
Base Score 4.0
9.20
Severity 4.0
CRITICAL



