← Back
2026-06-22 12:47CVE-2026-7166INCIBE
PUBLISHED5.2CWE-200

Multiple vulnerabilities in the Assassin game by Gaudire

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.

Problem type

Affected products

Gaudire

Assassin game

last version - AFFECTED

References

incibe.es

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire

GitHub Security Advisories

GHSA-qvr5-4jwr-6hcv

Vulnerability involving the exposure of sensitive data provided without adequate protection. The...

https://github.com/advisories/GHSA-qvr5-4jwr-6hcv

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-7166

incibe.es

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire

github.com

https://github.com/advisories/GHSA-qvr5-4jwr-6hcv

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7166
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7166",
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "dateUpdated": "2026-06-22T15:46:08.469Z",
    "dateReserved": "2026-04-27T07:25:28.931Z",
    "datePublished": "2026-06-22T12:47:47.703Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE",
        "dateUpdated": "2026-06-22T12:47:47.703Z"
      },
      "datePublic": "2026-06-22T12:38:00.000Z",
      "title": "Multiple vulnerabilities in the Assassin game by Gaudire",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "Gaudire",
          "product": "Assassin game",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "last version",
              "status": "affected",
              "versionType": "custom"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "cweId": "CWE-200",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "There is no reported solution at this time.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "There is no reported solution at this time."
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Adrià Bonilla Martin k0x",
          "type": "finder"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-06-22T15:46:08.469Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}