CVE-2026-32736

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-32736
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated user who visits a mod page. Any user who creates an account can access sensitive author details by simply navigating to a mod's page via its slug. Version 1.0.0 fixes the issue.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/HytaleModding/wiki/commit/4a96b3f9bce9a9d34030c39a8d6e4c6b6183f13d Patch
https://github.com/HytaleModding/wiki/security/advisories/GHSA-xvq7-wwhx-x2fh Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:hytale:modding_wiki:*:*:*:*:*:*:*:*
History

22 Apr 2026, 17:08

Type Values Removed Values Added
References () https://github.com/HytaleModding/wiki/commit/4a96b3f9bce9a9d34030c39a8d6e4c6b6183f13d - () https://github.com/HytaleModding/wiki/commit/4a96b3f9bce9a9d34030c39a8d6e4c6b6183f13d - Patch
References () https://github.com/HytaleModding/wiki/security/advisories/GHSA-xvq7-wwhx-x2fh - () https://github.com/HytaleModding/wiki/security/advisories/GHSA-xvq7-wwhx-x2fh - Exploit, Vendor Advisory
Summary
  • (es) La Wiki de Modding de Hytale es un servicio gratuito para que los mods de Hytale alojen su documentación y wikis. Una vulnerabilidad de Referencia Directa a Objeto Insegura (IDOR) en versiones de la wiki anteriores a la 1.0.0 expone la información personal de los autores de mods - incluyendo nombres completos y direcciones de correo electrónico - a cualquier usuario autenticado que visita una página de mod. Cualquier usuario que crea una cuenta puede acceder a detalles sensibles del autor simplemente navegando a la página de un mod a través de su slug. La versión 1.0.0 soluciona el problema.
First Time Hytale
Hytale modding Wiki
CPE cpe:2.3:a:hytale:modding_wiki:*:*:*:*:*:*:*:*

18 Mar 2026, 23:17

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-18 23:17

Updated : 2026-04-22 17:08

NVD link : CVE-2026-32736

Mitre link : CVE-2026-32736

CVE.ORG link : CVE-2026-32736

JSON object : View

Products Affected

hytale

  • modding_wiki
CWE
CWE-862

Missing Authorization