PatchSiren cyber security CVE debrief
CVE-2026-7382 MeWare Software Development Inc. CVE debrief
CVE-2026-7382 is a vulnerability in MeWare Software Development Inc. PDKS, classified as Exposure of Sensitive Information to an Unauthorized Actor and Exposure of private personal information to an unauthorized actor. This issue affects PDKS versions from V16.20200313 before VMYR_3.5.2025117. The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM.
- Vendor
- MeWare Software Development Inc.
- Product
- PDKS
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-30
- Original CVE updated
- 2026-06-06
- Advisory published
- 2026-04-30
- Advisory updated
- 2026-06-06
Who should care
Users of MeWare Software Development Inc. PDKS, specifically those using versions from V16.20200313 before VMYR_3.5.2025117, should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by Exposure of Sensitive Information to an Unauthorized Actor and Exposure of private personal information to an unauthorized actor in MeWare Software Development Inc. PDKS. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Defensive priority
MEDIUM
Recommended defensive actions
- Update PDKS to version VMYR_3.5.2025117 or later.
- Restrict access to sensitive information.
- Implement proper authentication and authorization mechanisms.
Evidence notes
The CVE record for CVE-2026-7382 can be found at [cve-org]. The NVD detail for this vulnerability is available at [nvd]. Additional information can be found at [ref-4] and [ref-5].
Official resources
CVE-2026-7382 was published on 2026-04-30T13:16:06.267Z and modified on 2026-06-06T08:16:54.217Z.