CVE-2026-12060 MEDIUM

CVE-2026-12060: Hepta Platforms|Heptabase - Exposed Dangerous

Vendor Hepta Platforms
Product Heptabase
Weakness CWE-749
Published June 12, 2026
Last update June 12, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining unauthorized access to camera and microphone permissions.

Key dates

02Disclosure timeline

June 12, 2026 CVE published
June 12, 2026 Record updated