CVE-2026-32736
Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated user who visits a mod page. Any user who creates an account can access sensitive author details by simply navigating to a mod's page via its slug. Version 1.0.0 fixes the issue.
| CWE | CWE-862 |
| Vendor | hytalemodding |
| Product | wiki |
| Published | Mar 18, 2026 |
| Last Updated | Mar 19, 2026 |
Stay Ahead of the Next One
Get instant alerts for hytalemodding wiki
Be the first to know when new medium vulnerabilities affecting hytalemodding wiki are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected Versions
HytaleModding / wiki
< 1.0.0