{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-7166: Multiple vulnerabilities in the Assassin game by Gaudire","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-7166","status":"final","version":"1","initial_release_date":"2026-06-22T12:47:47.703Z","current_release_date":"2026-06-22T15:46:08.469Z","revision_history":[{"date":"2026-06-22T12:47:47.703Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-7166 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-7166"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-7166"},{"category":"external","summary":"incibe.es","url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-assassin-game-gaudire"}]},"product_tree":{"branches":[{"category":"vendor","name":"Gaudire","branches":[{"category":"product_name","name":"Assassin game","branches":[{"category":"product_version","name":"last version","product":{"name":"Gaudire Assassin game last version","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:gaudire:assassin_game:last_version:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-7166","title":"Multiple vulnerabilities in the Assassin game by Gaudire","notes":[{"category":"description","text":"Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N","baseScore":9.2,"baseSeverity":"CRITICAL"},"products":["CSAFPID-1"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1"]}]}]}