Unauthenticated Data Export and Source Code Disclosure via /dbviewer/ in...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to return verbose Django tracebacks that disclose backend source code, local file paths, and system configuration.

Basic Information

ID CVE-2026-2250

Source MHV

Published Feb 11, 2026 at 14:13

Affected Product

Vendor METIS Cyberspace Technology SA

Product METIS WIC

Version oscore 2.1.234-r18

Affected Versions METIS Cyberspace Technology SA METIS WIC oscore 2.1.234-r18

CWE Classification

CWE-284 CWE-215

References

www.metis.tech /

{
    "lastseen": "",
    "description": "The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to return verbose Django tracebacks that disclose backend source code, local file paths, and system configuration.",
    "published": "2026-02-11T14:13:45.892Z",
    "modified": "2026-02-11T14:13:45.892Z",
    "type": "cve",
    "title": "Unauthenticated Data Export and Source Code Disclosure via /dbviewer/ in METIS WIC",
    "source": "MHV",
    "references": "https://www.metis.tech/",
    "id": "CVE-2026-2250",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284",
        "CWE-215"
    ],
    "cvelist": null,
    "sourceData": "METIS Cyberspace Technology SA METIS WIC oscore 2.1.234-r18",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "METIS WIC",
    "version": "oscore 2.1.234-r18",
    "vendor": "METIS Cyberspace Technology SA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Unauthenticated Data Export and Source Code Disclosure via /dbviewer/ in METIS WIC_CVE-2026-2250