CVE-2026-2752

EPSS 0.26%
Veröffentlicht 06.03.2026 15:16:10
Zuletzt bearbeitet 15.06.2026 17:15:18
Quelle 56a186b1-7f5e-4314-ba38-38d549
CVE-Watchlists
Login
Unerledigt
Login

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and third-party library references (e.g., System.Data.SQLite), which may assist attackers in mapping the application's internal structure.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Navtor ≫ Navbox Firmware Version >= 4.12.0.3 < 4.16.2.4

Navtor ≫ Navbox Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.172

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
56a186b1-7f5e-4314-ba38-38d5499fccfd	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://cydome.io/vulnerability-advisory-cve-2026-2752-in-navtor-navbox-version-4-12-0-3

Third Party Advisory

https://www.navtor.com/navtor-vendor-statement

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-2752

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-2752

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-2752

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-2752