Description
A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-17
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in an undisclosed function within the file /api/health/detailed of the Health Check Endpoint, allowing an attacker to receive sensitive system information. The weakness, identified as information disclosure, lets an attacker learn details that could aid further intrusion. The flaw is remotely exploitable, meaning a threat actor can trigger it from outside the network without additional footholds.

Affected Systems

The affected product is arnobt78 Hotel Booking Management System. Versioning follows a rolling release model, and the exact versions affected are not enumerated. The vulnerability was found in functionality prior to the commit f8922d0e0f6ac1cc761974c7616f44c2bbc04bea.

Risk and Exploitability

The severity is scored as 6.9 on the CVSS scale, indicating a moderate to high risk. The EPSS score is not available, so the current likelihood of exploitation cannot be quantified, but the vulnerability is publicly documented and does not appear in the CISA KEV catalog. Based on the description, the likely attack vector is remote, and exploitation requires only that the actor can send a request to the /api/health/detailed endpoint, which may be unauthenticated or protected by weak access controls.

Generated by OpenCVE AI on April 18, 2026 at 09:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify if a newer release that fixes the health check disclosure is available and apply it immediately.
  • If no fix is available, restrict access to the /api/health/detailed endpoint using authentication, firewall rules, or IP whitelisting to limit exposure.
  • Disable the Health Check Endpoint if it is not essential for operational monitoring.
  • Monitor network traffic and application logs for abnormal calls to the exposed endpoint.
  • Segment the network to isolate the application tier from externally reachable components.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 21:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Arnobt78; Arnobt78 hotel Booking Management System
Vendors & Products | | Arnobt78; Arnobt78 hotel Booking Management System

Fri, 17 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | arnobt78 Hotel Booking Management System Health Check Endpoint detailed information disclosure
Weaknesses | | CWE-200; CWE-284
References | |
Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR'}
 | | cvssV3_0: {'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}
 | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-17T14:32:34.042Z

Reserved: 2026-04-17T07:24:13.202Z

Link: CVE-2026-6492

Vulnrichment

Updated: 2026-04-17T14:32:30.632Z

NVD

Status: Deferred

Published: 2026-04-17T14:16:35.380

Modified: 2026-04-22T20:22:50.570

Link: CVE-2026-6492

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:30:25Z
