HIGHCVE-2026-42516Published Modified CNA CERT-In
CVE-2026-42516: Broken Access Control Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system.
Metrics
- CVSS v4.0
- 7.1
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- CDAC-Noida / e-Sushrut, Hospital Management Information System (HMIS)Previous versions
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:NReferences