Arbitrary User Information Modification in Gaudire's Assassin Game
CVE-2026-7165
9.4 CRITICAL
What is CVE-2026-7165?
A vulnerability in the 'addJugador' endpoint of Gaudire's Assassin Game allows authenticated users to manipulate other users' information because of inadequate authorization checks. By exploiting the system's lax input validation, attackers can modify user IDs and gain unauthorized access to sensitive data, such as internal IP addresses and local files. Administrative privileges can also be self-assigned without proper authentication, which allows privilege escalation. Long numeric inputs can lead to system crashes, enabling denial-of-service attacks. These issues are serious security oversights that could have significant implications for user data and game integrity.
Affected Version(s)
Assassin game last version
