What the vulnerability does
01Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from n/a through <= 3.6.1.2.
Explanation of Vulnerability in Simple Terms
02Summary
JetSearch versions up to 3.6.1.2 expose sensitive information that can be read over the network without authentication. An attacker can retrieve partial data from the affected component by sending a direct request. The vulnerability does not allow modification or disruption of service. Update to a version newer than 3.6.1.2.
What an attacker can do
03Attacker Capabilities
Read sensitive information from the site without logging in.
Potential impact on your site
04Site Impact
Sensitive data may be exposed to unauthenticated visitors; integrity and availability are not affected.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
July 13, 2026
CVE published