Home / Vulnerability Intelligence / CVE-2026-32138

CVE-2026-32138 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 12, 2026

NEXULEAN - Authentication Bypass

Published: March 12, 2026Updated: March 12, 2026Remote Exploitable

Overview

NEXULEAN < 2.0.0 contains an information disclosure caused by exposed Firebase and Web3Forms API keys, letting attackers interact with backend services without authentication, exploit requires exposed API keys.

Severity & Score

Severity: High

CVSS Score: 8.2

EPSS Score: 5.7%(Probability of exploitation in next 30 days)

Impact

Attackers can access application resources and user data without authentication, leading to unauthorized data access.

Mitigation

Upgrade to version 2.0.0.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 12, 2026

🟠 CVE-2026-32138 - High (8.2) NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could us... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32138/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-32138
Severity: High
CVSS Score: 8.2
Type: broken_authentication
Status: unconfirmed
EPSS: 5.7%
Social Posts: 1

CWE

CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS Score

5.7%Probability of exploitation in the next 30 days