Impact
An issue in Observe inc's Observe application, present in all releases up to and including 2026‑01‑28, allows a remote attacker to retrieve sensitive information by exploiting the CSV Log export feature. The weakness is an information‑disclosure flaw (CWE‑200). If an attacker can trigger the export, confidential log data is serialized into the CSV file and sent back to the attacker, thereby exposing the system’s internal data and violating confidentiality.
Affected Systems
The vulnerability applies to Observe inc's Observe product versions older than 2026‑01‑28 that have the CSV Log export capability enabled. Systems operating any of those releases without stringent access controls over the export function are at risk.
Risk and Exploitability
The CVSS score of 7.5 denotes high severity, whereas the EPSS score of less than 1 % indicates a very low current probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers would need remote access to the web interface to activate the export, implying a network‑based attack vector. No elevated privileges are required beyond the ability to use the export function.
OpenCVE Enrichment