PT-2026-25050 · Stalin 143+1 · Website

Rootcrypt

Publicado

2026-03-12

Atualizado

2026-03-13

CVE-2026-32138

CVSS v3.1

8.2

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions NEXULEAN versions prior to 2.0.0

Description Prior to version 2.0.0, the software exposed Firebase and Web3Forms API keys. An attacker could leverage these exposed keys to interact with backend services without proper authentication. This unauthorized access could potentially compromise application resources and user data.

Recommendations Update to version 2.0.0 or later.

Exploit

Correção

Using Hardcoded Credentials

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798CWE-284

Identificadores relacionados

CVE-2026-32138

GHSA-R7CR-5WCX-X9WM

Produtos afetados

Website

PT-2026-25050 · Stalin 143+1 · Website

CVE-2026-32138

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8