CVE-2026-42518

Vulnerability Description

This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic keys.

Successful exploitation of this vulnerability could lead to exposure of sensitive data and compromise of cryptographic protections on the targeted system.

Vulnerability Details

Published Date

April 29, 2026

Last Modified

April 29, 2026

CWE ID

CWE-321

Source

NVD

Vendor

CDAC-Noida

Product

e-Sushrut, Hospital Management Information System (HMIS)

External References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0207

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment