← Back
2026-06-22 12:50CVE-2026-7167INCIBE
PUBLISHED5.2CWE-200

Multiple vulnerabilities in the Assassin game by Gaudire

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass creation of fraudulent accounts. Successful exploitation of this vulnerability could allow an authenticated attacker to carry out various attacks, such as mass spam distribution, system abuse, or bypassing user controls, thereby compromising the security and integrity of the system.

Problem type

Affected products

Gaudire

Assassin game

last version - AFFECTED

References

incibe.es

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire

GitHub Security Advisories

GHSA-63h5-48q5-g43w

The vulnerability arises when the system fails to properly validate the 'email' field during the...

https://github.com/advisories/GHSA-63h5-48q5-g43w

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass creation of fraudulent accounts. Successful exploitation of this vulnerability could allow an authenticated attacker to carry out various attacks, such as mass spam distribution, system abuse, or bypassing user controls, thereby compromising the security and integrity of the system.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-7167

incibe.es

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire

github.com

https://github.com/advisories/GHSA-63h5-48q5-g43w

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7167
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7167",
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "dateUpdated": "2026-06-22T15:46:44.192Z",
    "dateReserved": "2026-04-27T07:25:30.682Z",
    "datePublished": "2026-06-22T12:50:35.167Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE",
        "dateUpdated": "2026-06-22T12:50:35.167Z"
      },
      "datePublic": "2026-06-22T12:38:00.000Z",
      "title": "Multiple vulnerabilities in the Assassin game by Gaudire",
      "descriptions": [
        {
          "lang": "en",
          "value": "The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass creation of fraudulent accounts. Successful exploitation of this vulnerability could allow an authenticated attacker to carry out various attacks, such as mass spam distribution, system abuse, or bypassing user controls, thereby compromising the security and integrity of the system.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass creation of fraudulent accounts. Successful exploitation of this vulnerability could allow an authenticated attacker to carry out various attacks, such as mass spam distribution, system abuse, or bypassing user controls, thereby compromising the security and integrity of the system."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "Gaudire",
          "product": "Assassin game",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "last version",
              "status": "affected",
              "versionType": "custom"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "cweId": "CWE-200",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "There is no reported solution at this time.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "There is no reported solution at this time."
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Adrià Bonilla Martin k0x",
          "type": "finder"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-06-22T15:46:44.192Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}