HIGH SeverityCVSS 4.08.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CVE-2026-42518

Last updated Apr 29, 2026 · Published Apr 29, 2026

Description

This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic keys. Successful exploitation of this vulnerability could lead to exposure of sensitive data and compromise of cryptographic protections on the targeted system.

Affected products

2 listed

CDAC-Noida:e-Sushrut
Hospital Management Information System (HMIS)

Mappings

CWE

CWE-321

CAPEC

CAPEC-37

Guides

Secrets management in GitHub Actions: prevent leaks and rotate safelySecrets management in GitHub Actions starts with repository or environment secrets, scoped tokens, and OIDC…
API Key Security Best PracticesStorage, rotation, scoping, and abuse prevention.

Training

Secrets ManagementVaults, environment variables, rotation - keeping credentials out of code.
Secrets in PipelinesKeeping tokens, keys, and credentials safe throughout CI/CD workflows.