Is there a public PoC exploit available for CVE-2026-6492?

Yes, a public proof-of-concept exploit is available for CVE-2026-6492. Prioritise patching immediately. EPSS: 0.0%.

Hotel Booking Management System CVE-2026-6492

Q: What is the CVSS score of CVE-2026-6492?

CVE-2026-6492 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-23434 MEDIUM

Information Exposure (CWE-200)

2026-04-17 VulDB

Information Disclosure Hotel Booking Management System

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 22, 2026 - 20:22 vuln.today

Public exploit code

Analysis Generated

Apr 17, 2026 - 14:28 vuln.today

CVSS changed

Apr 17, 2026 - 14:22 NVD

5.3 (MEDIUM) 5.5 (MEDIUM)

EUVD ID Assigned

Apr 17, 2026 - 14:15 euvd

EUVD-2026-23434

Analysis Generated

Apr 17, 2026 - 14:15 vuln.today

CVE Published

Apr 17, 2026 - 14:00 nvd

MEDIUM 5.5

DescriptionCVE.org

A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

The Hotel Booking Management System by arnobt78 (up to commit f8922d0e0f6ac1cc761974c7616f44c2bbc04bea) exposes sensitive information through an unauthenticated network request to the /api/health/detailed endpoint, allowing remote attackers to disclose system details without authentication or user interaction. Publicly available exploit code exists, and the vendor has not responded to disclosure attempts.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Attacker gains network access to target

Delivery

Sends unauthenticated HTTP GET to /api/health/detailed

Exploit

Endpoint returns sensitive system metadata

Execution

Attacker parses response for hostnames, versions, IPs

Persist

Uses intelligence for reconnaissance

Impact

Identifies further attack surface