CVE-2026-32138

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions NEXULEAN versions prior to 2.0.0

Description Prior to version 2.0.0, the software exposed Firebase and Web3Forms API keys. An attacker could leverage these exposed keys to interact with backend services without proper authentication. This unauthorized access could potentially compromise application resources and user data.

Recommendations Update to version 2.0.0 or later.

Exploit

Fix

Using Hardcoded Credentials

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-284

Related Identifiers

CVE-2026-32138

GHSA-R7CR-5WCX-X9WM

Affected Products

Website

CVE-2026-32138

Weakness Enumeration

Related Identifiers

Affected Products

References · 8