Skip to main content

Hospital Queuing Management EUVDEUVD-2026-40286

| CVE-2026-14161 HIGH
Information Exposure (CWE-200)
2026-06-30 twcert GHSA-h3wp-wq8p-j642
8.7
CVSS 4.0 · Vendor: twcert
Share

Severity by source

Vendor (twcert) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Unauthenticated network access with no interaction (AV:N/AC:L/PR:N/UI:N); confidentiality set to Low (C:L) because only API documentation, not sensitive data, is exposed, with no integrity or availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (twcert).

CVSS VectorVendor: twcert

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 30, 2026 - 13:01 EUVD
Analysis Generated
Jun 30, 2026 - 12:15 vuln.today

DescriptionCVE.org

Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.

AnalysisAI

Information disclosure in Advantech Hospital Queuing Management allows unauthenticated remote attackers to retrieve internal API documentation by requesting a specific URL, exposing the application's API surface, endpoints, and parameters. The flaw carries a high CVSS 4.0 base score of 8.7 driven entirely by confidentiality impact, but there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach exposed queuing web app
Delivery
Request specific documentation URL
Exploit
Receive unauthenticated API docs
Execution
Enumerate API endpoints and parameters
Impact
Stage follow-on attacks

Vulnerability AssessmentAI

Exploitation Exploitation requires only network reachability to the Hospital Queuing Management web application and knowledge of the specific URL that serves the API documentation; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication, no user interaction, and no special privileges are needed against an exposed instance. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N, score 8.7) indicates a network-reachable, low-complexity, unauthenticated, no-interaction attack with high confidentiality impact and no integrity or availability impact - internally consistent with an unauthenticated information-disclosure bug. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the Hospital Queuing Management web service over the network sends a single unauthenticated HTTP request to the known documentation URL and receives the full API documentation. They then use the disclosed endpoints and parameters to map the attack surface and craft follow-on attacks against the application. …
Remediation Consult the TWCERT advisories (https://www.twcert.org.tw/en/cp-139-11012-63761-2.html and https://www.twcert.org.tw/tw/cp-132-11011-999eb-1.html) and apply the vendor-provided fixed version from Advantech once obtained - no exact fixed version is stated in the available data, so confirm the patched build directly with Advantech (No vendor-released patch version independently confirmed at time of analysis). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Advantech Hospital Queuing Management deployments and determine internet accessibility and patient-dependency criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-40286 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy