Vulnerability Description
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may include IDs, private URLs, private messages, internal references, or other sensitive information that should only be exposed to authenticated users. In addition, the leaked content could be exploited to facilitate other malicious activities, such as reconnaissance for lateral movement, exploitation of related systems, or unauthorised access to internal applications referenced in the content of chat messages.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-3321?
CVE-2026-3321 is a documented vulnerability. A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated ...
How severe is CVE-2026-3321?
CVSS scoring is not yet available for CVE-2026-3321. Check NVD for updates.
Is there a patch for CVE-2026-3321?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.