Loading market data...
← Back to CVE feed

CVE-2026-56783

MEDIUM CVSS 6.5 View on NVD ↗

Description

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including low-privilege reader roles, can recover credentials and internal endpoint URLs for all configured notification targets by querying GET /api/v1/targets or related endpoints.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Published: Jun 29, 2026 18:16 UTC Modified: Jun 30, 2026 14:16 UTC