{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5413", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-02T08:02:10.455Z", "datePublished": "2026-04-02T17:45:09.982Z", "dateUpdated": "2026-04-02T19:10:24.735Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-02T17:45:09.982Z"}, "title": "Newgen OmniDocs GetWebApiConfiguration information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "Information Disclosure"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "Newgen", "product": "OmniDocs", "versions": [{"version": "12.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of the argument connectionDetails leads to information disclosure. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitation appears to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-02T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-02T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-02T10:07:21.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "kushkira (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/354828", "name": "VDB-354828 | Newgen OmniDocs GetWebApiConfiguration information disclosure", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354828/cti", "name": "VDB-354828 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/781722", "name": "Submit #781722 | Newgen Software Newgen OmniDocs 12.0.00 Use of Hard-coded Cryptographic Key", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/file/d/1_cBMYBQo09ZEfgF4FKXh08PneBZoBrVI/view?usp=sharing", "tags": ["broken-link", "exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T19:10:14.495885Z", "id": "CVE-2026-5413", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T19:10:24.735Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5413", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T19:10:14.495885Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T19:10:20.322Z"}}], "cna": {"title": "Newgen OmniDocs GetWebApiConfiguration information disclosure", "credits": [{"lang": "en", "type": "reporter", "value": "kushkira (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Newgen", "product": "OmniDocs", "versions": [{"status": "affected", "version": "12.0"}]}], "timeline": [{"lang": "en", "time": "2026-04-02T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-02T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-02T10:07:21.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/354828", "name": "VDB-354828 | Newgen OmniDocs GetWebApiConfiguration information disclosure", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354828/cti", "name": "VDB-354828 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/781722", "name": "Submit #781722 | Newgen Software Newgen OmniDocs 12.0.00 Use of Hard-coded Cryptographic Key", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/file/d/1_cBMYBQo09ZEfgF4FKXh08PneBZoBrVI/view?usp=sharing", "tags": ["broken-link", "exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of the argument connectionDetails leads to information disclosure. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitation appears to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Information Disclosure"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-02T17:45:09.982Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5413", "state": "PUBLISHED", "dateUpdated": "2026-04-02T19:10:24.735Z", "dateReserved": "2026-04-02T08:02:10.455Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-02T17:45:09.982Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of the argument connectionDetails leads to information disclosure. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitation appears to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-5413", "lastModified": "2026-04-03T16:10:23.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-02T18:16:35.563", "references": [{"source": "cna@vuldb.com", "url": "https://drive.google.com/file/d/1_cBMYBQo09ZEfgF4FKXh08PneBZoBrVI/view?usp=sharing"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/781722"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354828"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354828/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "12.0"}}], "enrichment": {"confidence": 88.0, "confidence_source": "matching", "scores": [{"score": 88.0, "source": "matching"}]}, "original": {"product": "OmniDocs", "source": "cna", "vendor": "Newgen"}, "product": "omnidocs", "vendor": "newgensoft"}], "analysis": {"en": {"generated_at": "2026-04-02T23:14:59.445512+00:00", "value": {"mitigation_remediation": ["Verify whether a vendor patch exists for CVE\u20112026\u20115413 and upgrade the OmniDocs installation to the latest release if available.", "If no patch is available, limit access to the /omnidocs/GetWebApiConfiguration endpoint to trusted IP ranges or internal users by using firewall rules or network segmentation.", "Consider disabling the GetWebApiConfiguration API if it is not required for business processes.", "Monitor web traffic and logs for suspicious requests to /omnidocs/GetWebApiConfiguration and investigate anomalies promptly.", "Apply general security hardening: keep all software up to date, enforce least\u2011privilege access, and regularly review vendor security advisories."], "summary": {"action": "Assess Impact", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is Newgen OmniDocs, versions up to and including 12.0.00. Any installation that exposes the /omnidocs/GetWebApiConfiguration endpoint without proper access controls is within risk scope.", "description_and_impact": "A flaw exists in Newgen OmniDocs v12.0.00 and earlier that allows remote actors to send a specially crafted connectionDetails parameter to the /omnidocs/GetWebApiConfiguration endpoint. The server responds with sensitive configuration information, leading to an unauthorized disclosure of data. The weakness corresponds to information\u2011disclosure and unauthorized access control failures, as reflected by CWE\u2011200 and CWE\u2011284.", "risk_and_exploitability": "The CVSS score of 6.3 places the vulnerability in the medium severity range. The EPSS score is not available and the issue is not listed in CISA\u2019s KEV catalog. The attack vector is remote, presumably over HTTP or HTTPS, and is considered difficult due to high complexity. However, an exploit is publicly available, thereby reducing the barrier for attackers. Organizations running vulnerable OmniDocs deployments face a moderate risk of unauthorized information exposure."}}}}, "created": "2026-04-03T08:58:04.336180+00:00", "updated": "2026-04-03T09:17:13.089797+00:00", "vendors": ["newgensoft", "newgensoft$PRODUCT$omnidocs"]}