CVE-2026-25058 in vexainfo

Zusammenfassung

von MITRE • 20.04.2026

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/transcripts/{meeting_id}` that returns transcript data for any meeting without any authentication or authorization checks. An unauthenticated attacker can enumerate all meeting IDs, access any user's meeting transcripts without credentials, and steal confidential business conversations, passwords, and/or PII. Version 0.10.0-260419-1910 patches the issue.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

28.01.2026

Veröffentlichung

20.04.2026

Moderieren

akzeptiert

Eintrag

VDB-358334

CPE

bereit

CWE

CWE-306 (bestätigt)

CVSS

7.5 (CNA)

EPSS

0.00103

KEV

nein

Aktivitäten

very low

Sektor

Hospital, Telecommunication, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-25058
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-25058
CVE Details	https://www.cvedetails.com/cve/CVE-2026-25058/

◂ Zurück Übersicht Weiter ▸

Do you need the next level of professionalism?

Upgrade your account now!