CVE-2026-7166 | Vulnerability involving the exposure of sensitive data provi… | CVSS 9.2 CRITICAL

Description

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.

Metadata

CVE ID: CVE-2026-7166
State: PUBLISHED
Assigner: INCIBE
Reserved: 2026-04-27 07:25 UTC
Published: 2026-06-22 12:47 UTC
Last updated: 2026-06-22 15:46 UTC
Primary CWE: CWE-200
CWE-200 Exposure of Sensitive Information to an Unauthorized…
Vendor / Product: Gaudire / Assassin game
Sources: cve.org · NVD

Severity & Metrics

9.2 CRITICAL CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Gaudire	Assassin game	—	last version

Weakness (CWE)

CWE	Source	Description
CWE-200	cna	CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.2	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

References (1)

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire