CVE-2026-7166 · Symaro Security Advisory

Description

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.

Severity (CVSS)

Base score	9.2
Severity	Critical
Version	CVSS 4.0
Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Provided by	CNA

Weaknesses

CWE-200 — CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Vendor	Product	Versions
Gaudire	Assassin game	last version

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 22 Jun 2026 14:43 UTC.