CVE-2026-31381

Published: Mar 20, 2026
Last Modified: Mar 20, 2026
MEDIUM 5.3
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none

Description

An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL.

CWE-598: Use of GET Request Method With Sensitive Query Strings

Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies: Web Based, Web Server
http://www.rapid7.com/blog/post/ve-cve-2026-31381-cve-2026-31382-gainsight-assi…