What the vulnerability does
01Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through < 6.10.0.
Explanation of Vulnerability in Simple Terms
02Summary
Uncanny Automator versions up to 6.10.0 expose sensitive information to authenticated users with low privileges. An attacker with a basic user account can read data they should not have access to. The vulnerability requires an active login but no additional user interaction. Update to a version newer than 6.10.0 to resolve this issue.
What an attacker can do
03Attacker Capabilities
Read sensitive information accessible only to higher-privilege users.
Potential impact on your site
04Site Impact
User data and site configuration details may be exposed to any authenticated user.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site.
Key dates
06Disclosure timeline
November 21, 2025
CVE published
April 28, 2026
Record updated