EUVD-2026-23434

| CVE-2026-6492 MEDIUM
2026-04-17 VulDB
Information Disclosure Hotel Booking Management System
5.5
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Apr 17, 2026 - 14:28 vuln.today
CVSS Changed
Apr 17, 2026 - 14:22 NVD
5.3 (MEDIUM) 5.5 (MEDIUM)

DescriptionNVD

A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

The Hotel Booking Management System by arnobt78 (up to commit f8922d0e0f6ac1cc761974c7616f44c2bbc04bea) exposes sensitive information through an unauthenticated network request to the /api/health/detailed endpoint, allowing remote attackers to disclose system details without authentication or user interaction. Publicly available exploit code exists, and the vendor has not responded to disclosure attempts.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-23434 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy