Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-7166

Gravedad CVSS v4.0:
CRÍTICA
Tipo:
CWE-200 Revelación de información
Fecha de publicación:
22/06/2026
Última modificación:
22/06/2026

Descripción

*** Pendiente de traducción *** Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.