PT-2026-6794 · Deepaudit · Deepaudit

Ez-Lbz · Published 2026-02-06 · Updated 2026-02-28 · CVE-2026-25729

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

DeepAudit versions prior to 3.0.5

Description

An improper access control issue exists in DeepAudit versions 3.0.4 and earlier. The /api/v1/users/ API endpoint allows any authenticated user to enumerate all users within the system. This allows retrieval of sensitive information such as email addresses, phone numbers, full names, and role information. The vulnerable parameter is not specified.

Recommendations

Update DeepAudit to version 3.0.5 or later.

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-25729
GHSA-VMMM-48W2-Q56Q

Affected Products

Deepaudit