CVE 7.1 HIGH

Parseable < 2.9.2 - Cleartext Credential Exposure in Notification Target API_CVE-2026-56783

7.1 / 10
HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including low-privilege reader roles, can recover credentials and internal endpoint URLs for all configured notification targets by querying GET /api/v1/targets or related endpoints.

Basic Information

ID CVE-2026-56783
Source VulnCheck
Published Jun 29, 2026 at 17:16

Affected Product

Vendor parseablehq
Product parseable
Affected Versions parseablehq parseable 0

CWE Classification

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.