Skip to main content

Omnidocs

2 CVEs product

Monthly

CVE-2026-5414 MEDIUM POC This Month

Improper control of resource identifiers in Newgen OmniDocs up to version 12.0.00 allows unauthenticated remote attackers to access sensitive information via manipulation of the DocumentId parameter in the /omnidocs/WebApiRequestRedirection endpoint. The vulnerability has publicly available exploit code and a low CVSS score (5.5) reflecting confidentiality impact only, but the combination of network-based attack vector, no authentication requirement, and public exploit availability warrants immediate assessment. The vendor has not responded to disclosure attempts.

Information Disclosure Omnidocs
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5413 LOW POC Monitor

Information disclosure in Newgen OmniDocs up to version 12.0.00 allows remote attackers without authentication to extract sensitive data by manipulating the connectionDetails parameter in the /omnidocs/GetWebApiConfiguration endpoint. The vulnerability has a CVSS score of 6.3 with high attack complexity, and publicly available exploit code exists; however, no confirmed active exploitation has been reported. The vendor did not respond to early disclosure notification.

Information Disclosure Omnidocs
NVD VulDB
CVSS 4.0
2.9
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Improper control of resource identifiers in Newgen OmniDocs up to version 12.0.00 allows unauthenticated remote attackers to access sensitive information via manipulation of the DocumentId parameter in the /omnidocs/WebApiRequestRedirection endpoint. The vulnerability has publicly available exploit code and a low CVSS score (5.5) reflecting confidentiality impact only, but the combination of network-based attack vector, no authentication requirement, and public exploit availability warrants immediate assessment. The vendor has not responded to disclosure attempts.

Information Disclosure Omnidocs
NVD VulDB
EPSS 0% CVSS 2.9
LOW POC Monitor

Information disclosure in Newgen OmniDocs up to version 12.0.00 allows remote attackers without authentication to extract sensitive data by manipulating the connectionDetails parameter in the /omnidocs/GetWebApiConfiguration endpoint. The vulnerability has a CVSS score of 6.3 with high attack complexity, and publicly available exploit code exists; however, no confirmed active exploitation has been reported. The vendor did not respond to early disclosure notification.

Information Disclosure Omnidocs
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy