CVE 8.7 HIGH

Information Disclosure Vulnerability in e-Sushrut HMIS_CVE-2026-42518

April 29, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic keys.

Successful exploitation of this vulnerability could lead to exposure of sensitive data and compromise of cryptographic protections on the targeted system.

AI Analysis

Information disclosure vulnerability due to hardcoded AES encryption keys in client-side JavaScript, allowing unauthenticated remote attackers to extract sensitive information and cryptographic keys.

Basic Information

ID CVE-2026-42518

Source CERT-In

Published Apr 29, 2026 at 08:37

Affected Product

Vendor CDAC-Noida

Product e-Sushrut, Hospital Management Information System (HMIS)

Version Previous versions

Affected Versions CDAC-Noida e-Sushrut, Hospital Management Information System (HMIS) Previous versions

CWE Classification

CWE-321

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor CDAC-Noida

Product e-Sushrut HMIS

Version Previous versions

References

www.cert-in.org.in /s2cMainServlet

{
    "lastseen": "",
    "description": "This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic keys.\n\nSuccessful exploitation of this vulnerability could lead to exposure of sensitive data and compromise of cryptographic protections on the targeted system.",
    "published": "2026-04-29T08:37:32.944Z",
    "modified": "2026-04-29T08:37:32.944Z",
    "type": "cve",
    "title": "Information Disclosure Vulnerability in e-Sushrut HMIS",
    "source": "CERT-In",
    "references": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0207",
    "id": "CVE-2026-42518",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321"
    ],
    "cvelist": null,
    "sourceData": "CDAC-Noida e-Sushrut, Hospital Management Information System (HMIS) Previous versions",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "e-Sushrut, Hospital Management Information System (HMIS)",
    "version": "Previous versions",
    "vendor": "CDAC-Noida",
    "ai_description": "Information disclosure vulnerability due to hardcoded AES encryption keys in client-side JavaScript, allowing unauthenticated remote attackers to extract sensitive information and cryptographic keys.",
    "ai_severity": "High",
    "ai_vendor": "CDAC-Noida",
    "ai_product": "e-Sushrut HMIS",
    "ai_version": "Previous versions",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply