{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/proliz-software-ltd.-co./feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2026-7189"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Proliz's OBS"],"_cs_severities":["high"],"_cs_tags":["vulnerability","sensitive-data-exposure","access-control-bypass"],"_cs_type":"advisory","_cs_vendors":["Proliz Software Ltd. Co."],"content_html":"\u003cp\u003eA vulnerability, identified as CVE-2026-7189, exists in Proliz Software Ltd. Co.'s Proliz OBS software, specifically in versions prior to 3.6.0. This critical flaw involves the improper insertion of sensitive information into sent data, which an attacker can leverage to access functionality that should otherwise be protected by Access Control Lists (ACLs). With a CVSS v3.1 Base Score of 8.2 (High), this vulnerability poses a significant risk. Although specific attack vectors are not detailed, successful exploitation could lead to unauthorized access to restricted areas or data within the application, compromising confidentiality and potentially integrity of the system. Defenders need to prioritize patching to prevent malicious actors from bypassing access controls and gaining unauthorized capabilities within the OBS platform.\u003c/p\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eIf exploited, CVE-2026-7189 could allow an unauthorized attacker to bypass access control mechanisms in Proliz OBS, gaining access to sensitive data or functionality that should be restricted. This could lead to a compromise of data confidentiality and integrity, potentially enabling malicious operations within the application. The lack of proper ACL enforcement means an attacker could perform actions typically reserved for privileged users, leading to significant system compromise and unauthorized data manipulation or exposure. The exact scope of data exposed or functions accessible would depend on the specific configuration and sensitive data present within the affected Proliz OBS instance.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-7189 on all affected Proliz OBS instances immediately by updating to version 3.6.0 or later as described in the reference materials.\u003c/li\u003e\n\u003cli\u003eReview Access Control Lists (ACLs) within Proliz OBS for any signs of unauthorized modification or unusual access patterns post-patching.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-17T13:21:37Z","date_published":"2026-07-17T13:21:37Z","id":"https://feed.craftedsignal.io/briefs/2026-07-proliz-obs-sensitive-info-leak/","summary":"A high-severity vulnerability, CVE-2026-7189, in Proliz Software Ltd. Co.'s Proliz OBS before version 3.6.0 allows for the insertion of sensitive information into sent data, enabling attackers to access functionality not properly constrained by Access Control Lists (ACLs).","title":"Proliz OBS Vulnerability Allows Sensitive Information Insertion Leading to ACL Bypass (CVE-2026-7189)","url":"https://feed.craftedsignal.io/briefs/2026-07-proliz-obs-sensitive-info-leak/"}],"language":"en","title":"CraftedSignal Threat Feed - Proliz Software Ltd. Co.","version":"https://jsonfeed.org/version/1.1"}