CVE-2026-56783

MEDIUM

Parseable < 2.9.2 - Cleartext Credential Exposure in Notification Target API

Title source: cna
STIX 2.1

Description

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including low-privilege reader roles, can recover credentials and internal endpoint URLs for all configured notification targets by querying GET /api/v1/targets or related endpoints.

References (5)

Core 5

Scores

CVSS v3 6.5
EPSS 0.0026
EPSS Percentile 17.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-522
Status published
Products (2)
parseablehq/parseable < 2.9.2
parseablehq/parseable 2.9.2
Published Jun 29, 2026
Tracked Since Jun 29, 2026