← Voltar para CVEs
CVE-2026-6375
N/ADescricao
A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw stems from missing authorization checks on an endpoint intended for authenticated profile access.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado4/23/2026
Ultima modificacao4/24/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-639
Referencias
https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-04(ics-cert@hq.dhs.gov)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.