CVE-2026-31381

Medienbericht

Gainsight Assist plugin information disclosure

An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gainsight ≫ Assist Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.218

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve@rapid7.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-598 Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

23.03.2026 15:22

http://www.rapid7.com/blog/post/ve-cve-2026-31381-cve-2026-31382-gainsight-assist-information-disclosure-xss-fixed

Third Party Advisory

https://communities.gainsight.com/community-news-2/recent-gainsight-assist-plugin-remediations-cve-2026-31381-and-cve-2026-31382-30587

Vendor Advisory

CVE Source (NVD)

CVE Source (JSON)

EUVD

Team-orientierte Vulnerability Management Plattform