CVE Catalog

CVE-2026-58419

Low risk· EPSS 7%
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

A vulnerability in the Notification API leaks private issue metadata even after user access has been revoked. A user whose permissions were removed can still read issue details such as titles and statuses.

Risk Assessment

The risk involves unauthorized access to confidential issue information, which may violate the organization's security policy and lead to sensitive data leakage.

Recommendation

Immediately update the Notification API to a version that properly validates permissions on every request. In the meantime, restrict API access to trusted users only.

Original NVD description (English source)

Notification API leaks private issue metadata after access revocation

Vulnerability data from NVD (NIST) · CISA KEV · EPSS