Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

CVE-2026-2752 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-2752

CVE-2026-2752

MEDIUM5.3

Navtor NavBox allows information disclosure via the /api/ais-data endpoint

Published Mar 6, 2026

Modified 1 months ago

Details

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and third-party library references (e.g., System.Data.SQLite), which may assist attackers in mapping the application's internal structure.

References

https://cydome.io/vulnerability-advisory-cve-2026-2752-in-navtor-navbox-version-4-12-0-3

https://www.cve.org/CVERecord?id=CVE-2026-2752

https://www.navtor.com/navtor-vendor-statement

CVSS Analysis

CVSS v3.1

5.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

NoneI:N

Availability

NoneA:N

5.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weakness Type (CWE)

Information Disclosure

Error Message Info Leak

Ecosystems

Timeline

PublishedMar 6, 2026

ModifiedMar 10, 2026