CVE Catalog

CVE-2026-2752

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile - higher than 17% of all known CVEs

Summary

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces.

Risk Assessment

The exposed error messages may assist attackers in understanding the application's internal structure, increasing the risk of further attacks.

Recommendation

It is recommended to secure the /api/ais-data endpoint and implement proper error handling mechanisms to avoid disclosing detailed application information.

Original NVD description (English source)

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and third-party library references (e.g., System.Data.SQLite), which may assist attackers in mapping the application's internal structure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS