sovity dataspace-portal up to 7.3.1 client-side enforcement of server-side security
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, has been found in sovity dataspace-portal up to 7.3.1. This impacts an unknown function. Performing a manipulation results in client-side enforcement of server-side security. This vulnerability is cataloged as CVE-2026-42160. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability classified as critical has been found in sovity dataspace-portal up to 7.3.1. This affects an unknown functionality. The manipulation with an unknown input leads to a client-side enforcement of server-side security vulnerability. CWE is classifying the issue as CWE-602. The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. This issue has been patched in version 7.3.2.
The advisory is shared at github.com. This vulnerability is uniquely identified as CVE-2026-42160 since 04/24/2026. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available.
Upgrading to version 7.3.2 eliminates this vulnerability.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Vendor
Name
Version
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Client-side enforcement of server-side securityCWE: CWE-602
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: dataspace-portal 7.3.2
Timeline
04/24/2026 CVE reserved05/08/2026 Advisory disclosed
05/08/2026 VulDB entry created
05/08/2026 VulDB entry last update
Sources
Product: github.comAdvisory: github.com
Status: Confirmed
CVE: CVE-2026-42160 (🔒)
GCVE (CVE): GCVE-0-2026-42160
GCVE (VulDB): GCVE-100-362349
Entry
Created: 05/08/2026 22:21Changes: 05/08/2026 22:21 (65)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.