Remote Code Execution Vulnerability in e-Sushrut by Informatics
CVE-2026-42514
8.8 HIGH
What is CVE-2026-42514?
The vulnerability found in e-Sushrut arises from the exposure of One-Time Passwords (OTPs) in plaintext within API responses. This flaw allows a remote attacker to intercept these sensitive API responses, capturing valid OTPs. With access to an OTP, attackers can impersonate legitimate users, leading to unauthorized access to user accounts and potential data breaches. Organizations using e-Sushrut are advised to implement measures to secure API communications and protect sensitive user authentication data.
Affected Version(s)
e-Sushrut, Hospital Management Information System (HMIS): Previous versions
CVSS V4
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This vulnerability was reported by Harsh Verma.
