Description
Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation.

This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
Published: 2026-04-30
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

MeWare Software Development Inc.'s PDKS has a vulnerability that allows an unauthorized actor to access sensitive personal information exposed by the application. The weakness is identified as CWE-200 and CWE-359, indicating that information is being inadvertently exposed. This disclosure can compromise the confidentiality of private data, potentially enabling identity theft or other privacy violations. The description does not detail the attack vector, but it implies that the vulnerable component can be accessed by users without proper authorization.

Affected Systems

The affected product is MeWare Software Development Inc.’s PDKS. Versions ranging from V16.20200313 up to, but not including, VMYR_3.5.2025117 are impacted. Users deploying any of these releases should verify their version against this range.

Risk and Exploitability

This vulnerability carries a CVSS score of 6.5, placing it in the medium severity range. The EPSS score is not available, and the flaw is not listed in the CISA KEV catalog, suggesting that publicly available exploits are currently unknown. Without a defined attack vector, the likelihood of exploitation is uncertain, but the medium severity and potential confidentiality impact warrant prompt attention.

Generated by OpenCVE AI on May 1, 2026 at 05:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PDKS to version VMYR_3.5.2025117 or later to eliminate the information exposure flaw.
  • If an upgrade is not immediately possible, restrict network and file permissions so that only authorized personnel can access the PDKS process and its configuration files, limiting the opportunity for unauthorized disclosure.
  • Review the application’s data handling practices to ensure that sensitive personal information is properly protected and not inadvertently exposed in logs, diagnostics, or other outputs.

Generated by OpenCVE AI on May 1, 2026 at 05:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Meware Software Development
Meware Software Development pdks
Vendors & Products Meware Software Development
Meware Software Development pdks

Thu, 30 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
Title Information Disclosure in MeWare Software's PDKS
Weaknesses CWE-200
CWE-359
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Meware Software Development Pdks
cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-04-30T13:14:50.693Z

Reserved: 2026-04-29T07:55:27.873Z

Link: CVE-2026-7382

cve-icon Vulnrichment

Updated: 2026-04-30T13:14:47.143Z

cve-icon NVD

Status : Deferred

Published: 2026-04-30T13:16:06.267

Modified: 2026-04-30T15:09:03.710

Link: CVE-2026-7382

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T08:21:23Z

Weaknesses