Auth bypass in Cdac-noida E-sushrut, Hospital Management Information System (Hmis)
CVE-2026-42517
This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the req…
Vulnerability class: IDOR (Insecure Direct Object Reference)
EPSS: 0.001 (18.7th percentile)
Affected products
- Cdac-noida E-sushrut, Hospital Management Information System (Hmis) — versions: Previous versions
Weakness classification (CWE)
References
- vdisclose@cert-in.org.in (third-party-advisory)