Vulnetix
Try Vulnetix Request Demo
CVE-2026-33638 PUBLISHED CVSS 5.300000190734863 MEDIUM

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, `GET /api/allusers` is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user enumeration and exposure of user profile metadata. A fix is available in v4.2.0.

Risk Scores

CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
github.comlin-snow/ech00, 0
lin-snowEch0< 4.2.0, < 4.2.0

Timeline

References

Open in Interactive Console →