CVE-2026-8033

MEDIUM

PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure

Title source: cna

Description

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. Upgrading to version 5.7.1 mitigates this issue. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

References (4)

Core 4

Core References

Vdb Entry vdb-entry

VDB-361359 | PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure

https://vuldb.com/vuln/361359

Signature, Permissions Required signature permissions-required

VDB-361359 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/361359/cti

Third Party Advisory third-party-advisory

Submit #800793 | PicoTronica e-Clinic Healthcare System (ECHS) v5.7 Information Disclosure

https://vuldb.com/submit/800793

Exploit exploit

https://docs.google.com/document/d/1dBJAAYyNpktnOBSCJPJGUMdfjb-Vj3PTy5oNj8RjeQ8/edit?usp=sharing

Scores

CVSS v3 5.3

EPSS 0.0029

EPSS Percentile 20.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-200 CWE-284

Status published

Products (2)

PicoTronica/e-Clinic Healthcare System ECHS 5.7

PicoTronica/e-Clinic Healthcare System ECHS 5.7.1

Published May 06, 2026

Tracked Since May 07, 2026