Data Exposure Vulnerability in Gaudire's Game Product
CVE-2026-7166

9.2CRITICAL

Key Information:

Vendor: Gaudire
Status: Assassin Game
Vendor: CVE Published:; 22 June 2026

What is CVE-2026-7166?

The vulnerability poses significant risks due to the exposure of sensitive data, including email and phone number information. The application’s API mistakenly makes personal data from fields vulnerable, compromising users' privacy. This also extends to a local database that includes unprotected sensitive details concerning minors and municipal users. Attackers with unauthenticated access can exploit this flaw, leading to unauthorized data retrieval and potential misuse of the compromised information.

Affected Version(s)

Assassin game last version

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
Apr 27, 2026

Credit

Adrià Bonilla Martin k0x

CVE-2026-7166 Data

JSON