Auth bypass in Cdac-noida E-sushrut, Hospital Management Information System (Hmis)

CVE-2026-42516

This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized acces…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.001 (18.7th percentile) — read the EPSS interpretation.

Affected products

Cdac-noida E-sushrut, Hospital Management Information System (Hmis) — versions Previous versions

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

vdisclose@cert-in.org.in (third-party-advisory)