Skip to main content

NEXULEAN CVE-2026-32138

HIGH
Improper Access Control (CWE-284)
2026-03-12 security-advisories@github.com
8.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

3
Re-analysis Queued
Apr 16, 2026 - 14:52 vuln.today
cvss_changed
Analysis Generated
Mar 12, 2026 - 19:57 vuln.today
CVE Published
Mar 12, 2026 - 19:16 nvd
HIGH 8.2

DescriptionGitHub Advisory

NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0.

AnalysisAI

NEXULEAN versions prior to 2.0.0 expose Firebase and Web3Forms API keys in the application, allowing unauthenticated attackers to access backend services and retrieve sensitive user data. The hardcoded credentials can be leveraged remotely without any user interaction to interact with protected resources. No patch is currently available for affected deployments.

Technical ContextAI

Classified as CWE-284 (Improper Access Control). Affects and Penetration Tester.. NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services without authentication, potentially leading to unauthorized access to application resources and user data. This vulnerability is fixed in 2.0.0.

Affected ProductsAI

Product: and Penetration Tester.. Versions: up to 2.0.0.

RemediationAI

Fixed in version 2.0.0.. Restrict network access to the affected service where possible.

Share

CVE-2026-32138 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy