CVE-2026-7189

Proliz Software · Proliz's OBS

Proliz's OBS contains a vulnerability that leads to the unauthorized insertion of sensitive information into outgoing data streams.

Executive summary

An unauthenticated information disclosure vulnerability in Proliz's OBS poses a high risk of sensitive data exposure to unauthorized parties.

Vulnerability

This is an insertion of sensitive information into sent data vulnerability (CWE-201), which allows an unauthenticated, remote attacker to potentially access sensitive information transmitted by the software.

Business impact

The exploitation of this flaw could lead to the unauthorized disclosure of proprietary or sensitive business information, potentially resulting in regulatory non-compliance or loss of competitive advantage. With a CVSS score of 7.5, the vulnerability is considered high severity due to the ease of remote access and the potential impact on data confidentiality.

Remediation

Immediate Action: Upgrade Proliz's OBS to version 3.6.0 or higher immediately to address the underlying information leakage.

Proactive Monitoring: Review outbound network traffic and application logs for unusual data patterns or unexpected external communication requests.

Compensating Controls: Implement network-level egress filtering to restrict unauthorized data transmission to untrusted destinations until the patch is applied.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Given the high CVSS score and the nature of the data exposure, organizations using Proliz's OBS should prioritize the transition to version 3.6.0. Prompt patching is essential to prevent unauthorized access to sensitive data transmitted by the application.