CVE-2026-31215 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: May 13, 2026
Nexent - Broken Access Control
Published: May 12, 2026Updated: May 13, 2026Remote Exploitable
Overview
Nexent v1.7.5.2 contains an unauthorized arbitrary file deletion vulnerability caused by lack of authentication and validation in the DELETE /{index_name}/documents endpoint, letting unauthenticated remote attackers delete arbitrary documents and files, exploit requires no authentication.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Unauthenticated attackers can delete arbitrary documents and files, causing data destruction and denial of service.
Mitigation
Update to the latest version with proper authentication and authorization controls on the DELETE endpoint.
References
Related Resources
Details
- CVE ID
- CVE-2026-31215
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- broken_access_control
- Status
- unconfirmed
CWE
- CWE-552
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H