Description
This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response.

Successful exploitation of this vulnerability could allow the attacker to bypass authentication and gain unauthorized access to user accounts on the targeted system.
Published: 2026-04-29
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from improper authentication logic that relies on client‑side response parameters to determine authentication status. Because the server does not enforce authentication on its own, a malicious actor can intercept the response and modify it, causing the system to accept an unauthorized session. The primary impact is unauthorized access to user accounts, granting the attacker confidentiality and integrity privileges that would normally be protected by the login mechanism. This flaw is typical of an authentication bypass weakness.

Affected Systems

The affected product is the Hospital Management Information System known as e‑Sushrut, developed by CDAC‑Noida. All previous versions of this HMIS are vulnerable; specific patch levels are not enumerated in the available data.

Risk and Exploitability

The CVSS score of 8.8 classifies the flaw as high severity. Attackers can exploit the issue remotely by intercepting and modifying network traffic between the client and the e‑Sushrut server. Because the EPSS score is not available, the precise probability of exploitation is unclear, and the vulnerability is not currently listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote network interception, and it requires no special privileges beyond the ability to capture or alter traffic to the target system.

Generated by OpenCVE AI on April 29, 2026 at 09:21 UTC.

Remediation

Vendor Solution

Contact C-DAC for upgrading e-Sushrut HMIS to latest version

OpenCVE Recommended Actions

  • Contact C‑DAC to upgrade e‑Sushrut HMIS to the latest patch version
  • Modify the application configuration so that authentication checks are performed exclusively on the server side, removing any reliance on client‑side response parameters
  • Implement network segmentation and intrusion detection to monitor and block anomalous authentication attempts

Generated by OpenCVE AI on April 29, 2026 at 09:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Cdac-noida e-sushrut Hmis
Vendors & Products Cdac-noida e-sushrut Hmis

Wed, 29 Apr 2026 09:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287

Wed, 29 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Description This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this vulnerability could allow the attacker to bypass authentication and gain unauthorized access to user accounts on the targeted system.
Title Authentication Bypass Vulnerability in e-Sushrut HMIS
First Time appeared Cdac-noida
Cdac-noida e-sushrut Hospital Management Information System Hmis
CPEs cpe:2.3:a:cdac-noida:e-sushrut_hospital_management_information_system_hmis_:previous_versions:*:*:*:*:*:*:*
Vendors & Products Cdac-noida
Cdac-noida e-sushrut Hospital Management Information System Hmis
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Cdac-noida E-sushrut Hmis E-sushrut Hospital Management Information System Hmis
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-In

Published:

Updated: 2026-04-29T08:13:23.151Z

Reserved: 2026-04-28T08:14:36.620Z

Link: CVE-2026-42513

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-29T09:16:24.417

Modified: 2026-04-29T09:16:24.417

Link: CVE-2026-42513

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T10:10:15Z

Weaknesses