CVE-2026-3321

A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may include IDs, private URLs, private messages, internal references, or other sensitive information that should only be exposed to authenticated users. In addition, the leaked content could be exploited to facilitate other malicious activities, such as reconnaissance for lateral movement, exploitation of related systems, or unauthorised access to internal applications referenced in the content of chat messages.

CVSS

No CVSS.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/authorization-bypass-on24-qa-chat

Configurations

No configuration.

History

01 Apr 2026, 14:24

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de omisión de autorización a través de una clave controlada por el usuario en el endpoint 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/'. Explotar esta vulnerabilidad permitiría a un atacante no autenticado enumerar IDs de eventos y obtener el historial completo de preguntas y respuestas. Estos datos expuestos públicamente pueden incluir IDs, URLs privadas, mensajes privados, referencias internas u otra información sensible que solo debería ser expuesta a usuarios autenticados. Además, el contenido filtrado podría ser explotado para facilitar otras actividades maliciosas, como reconocimiento para movimiento lateral, explotación de sistemas relacionados o acceso no autorizado a aplicaciones internas referenciadas en el contenido de los mensajes de chat.

30 Mar 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-30 14:16

Updated : 2026-05-19 15:43

NVD link : CVE-2026-3321

Mitre link : CVE-2026-3321

CVE.ORG link : CVE-2026-3321

JSON object : View

Products Affected

No product.

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2026-3321", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-30T14:16:35.420", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/authorization-bypass-on24-qa-chat", "source": "cve-coordination@incibe.es"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may include IDs, private URLs, private messages, internal references, or other sensitive information that should only be exposed to authenticated users. In addition, the leaked content could be exploited to facilitate other malicious activities, such as reconnaissance for lateral movement, exploitation of related systems, or unauthorised access to internal applications referenced in the content of chat messages."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de una clave controlada por el usuario en el endpoint 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/'. Explotar esta vulnerabilidad permitir\u00eda a un atacante no autenticado enumerar IDs de eventos y obtener el historial completo de preguntas y respuestas. Estos datos expuestos p\u00fablicamente pueden incluir IDs, URLs privadas, mensajes privados, referencias internas u otra informaci\u00f3n sensible que solo deber\u00eda ser expuesta a usuarios autenticados. Adem\u00e1s, el contenido filtrado podr\u00eda ser explotado para facilitar otras actividades maliciosas, como reconocimiento para movimiento lateral, explotaci\u00f3n de sistemas relacionados o acceso no autorizado a aplicaciones internas referenciadas en el contenido de los mensajes de chat."}], "lastModified": "2026-05-19T15:43:28.500", "sourceIdentifier": "cve-coordination@incibe.es"}