Description
The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass creation of fraudulent accounts. Successful exploitation of this vulnerability could allow an authenticated attacker to carry out various attacks, such as mass spam distribution, system abuse, or bypassing user controls, thereby compromising the security and integrity of the system.
Published: 2026-06-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Assassin game includes an authentication flow that does not validate the email address supplied during account creation or login. This failure permits the use of fabricated or non‑existent email addresses. As a result, unauthenticated or authenticated users can generate large numbers of accounts that appear legitimate to the system, enabling mass spam, system abuse, or circumvention of user‑control mechanisms.

Affected Systems

Gaudire’s Assassin game is the only product listed as affected. No specific version numbers are mentioned in the advisory.

Risk and Exploitability

The vulnerability is rated with a CVSS score of 6.9, indicating a medium severity. The EPSS score is not provided, and the issue is not listed in the CISA KEV catalog, but the absence of email verification can be exploited through routine registration or login requests, likely requiring only network access and no special privileges.

Generated by OpenCVE AI on June 22, 2026 at 14:38 UTC.

Remediation

Vendor Solution

There is no reported solution at this time.


OpenCVE Recommended Actions

  • Add stringent validation to ensure that the email field conforms to RFC standards and belongs to an allowed domain.
  • Require that users confirm their email address through a verification link before the account becomes active.
  • Run a security test or penetration test to validate that email verification is enforced and no nonexistent addresses can be registered.

Generated by OpenCVE AI on June 22, 2026 at 14:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Gaudire
Gaudire assassin Game
Vendors & Products Gaudire
Gaudire assassin Game

Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 22 Jun 2026 13:45:00 +0000

Type Values Removed Values Added
Description The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass creation of fraudulent accounts. Successful exploitation of this vulnerability could allow an authenticated attacker to carry out various attacks, such as mass spam distribution, system abuse, or bypassing user controls, thereby compromising the security and integrity of the system.
Title Multiple vulnerabilities in the Assassin game by Gaudire
Weaknesses CWE-200
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}


Subscriptions

Gaudire Assassin Game
cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2026-06-22T15:46:44.192Z

Reserved: 2026-04-27T07:25:30.682Z

Link: CVE-2026-7167

cve-icon Vulnrichment

Updated: 2026-06-22T15:46:36.639Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:03:29Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor