CVE-2026-7189 in OBSinfo

Summary

by MITRE • 07/17/2026

Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Proliz's OBS: before v3.6.0.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/17/2026

The vulnerability under discussion represents a critical access control flaw within Proliz Software Ltd.'s OBS system, specifically targeting the authorization mechanisms that govern user functionality access. This weakness manifests as an insertion of sensitive information into sent data, creating a pathway for unauthorized users to bypass proper access controls and gain access to restricted system capabilities. The vulnerability exists in versions prior to v3.6.0, indicating that Proliz had not yet implemented adequate safeguards to prevent such unauthorized access scenarios.

The technical flaw stems from insufficient validation of access control lists within the OBS platform, allowing malicious actors to exploit improperly constrained functionality access patterns. When users interact with the system, sensitive data elements are being inadvertently included in transmitted information streams without proper authorization checks. This creates an environment where attackers can manipulate system behavior by injecting privileged commands or accessing restricted features through crafted data payloads. The vulnerability directly relates to CWE-284 which addresses improper access control issues, specifically focusing on inadequate constraints within Access Control Lists that permit unauthorized access to system resources.

The operational impact of this vulnerability extends beyond simple data exposure, as it fundamentally compromises the integrity of the system's authorization framework. An attacker exploiting this weakness could potentially escalate privileges, access confidential information, or manipulate system functionality in ways that were never intended by the platform designers. The affected OBS system likely processes user requests through various functional components that should be strictly controlled based on user roles and permissions, yet the flawed implementation allows unauthorized access to these capabilities regardless of proper authentication status.

Security practitioners must recognize this issue as a significant risk to organizational data protection and system integrity. The vulnerability creates opportunities for lateral movement within network environments where OBS systems are deployed, potentially enabling more extensive attacks beyond the initial compromised access point. Organizations using affected versions should immediately implement mitigation strategies including patching to v3.6.0 or later releases, implementing additional monitoring of access patterns, and conducting thorough audits of user permissions and system functionality constraints.

From a defensive perspective, this vulnerability highlights the importance of proper access control implementation and validation within software systems. The ATT&CK framework categorizes such issues under privilege escalation techniques where adversaries leverage weak access controls to gain higher-level system permissions. Mitigation strategies should include implementing robust input validation, enforcing strict role-based access controls, and establishing comprehensive logging mechanisms that can detect anomalous access patterns indicative of exploitation attempts. Regular security assessments and penetration testing focused on access control mechanisms can help identify similar vulnerabilities before they can be exploited in real-world scenarios.

The remediation process requires careful attention to ensure that the ACL constraints are properly enforced throughout all system components while maintaining legitimate user functionality. Proliz should implement comprehensive testing procedures to verify that access controls function correctly across all supported platforms and user scenarios. Additionally, organizations should consider implementing network segmentation strategies to limit the potential impact of such vulnerabilities and establish incident response protocols specifically designed to address unauthorized access scenarios.

Responsible

TR-CERT

Reservation

04/27/2026

Disclosure

07/17/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!