PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-7189 Proliz Software Ltd. Co. CVE debrief

The CVE record indicates an Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS, allowing Accessing Functionality Not Properly Constrained by ACLs. This issue affects Proliz's OBS: before v3.6.0. The vulnerability has a CVSS score of 7.5 and is classified as HIGH. Users and operators should review the CVE and NVD details for exposure and take necessary actions to mitigate the risk. The weakness is described as CWE-201. Affected product deployments should be reviewed for exposure with careful consideration of the operational impact and source-confidence limits.

Vendor
Proliz Software Ltd. Co.
Product
Proliz's OBS
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Users of Proliz's OBS before version 3.6.0 should be aware of this vulnerability and take necessary actions to mitigate the risk. Operators, security teams, and platform administrators are impacted. They should confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Technical summary

The vulnerability has a CVSS score of 7.5 and is classified as HIGH. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The weakness is described as CWE-201. Affected product deployments should be reviewed for exposure with consideration of the defensive impact and source-grounded technical framing. The vulnerability allows Accessing Functionality Not Properly Constrained by ACLs, which can lead to unauthorized access.

Defensive priority

High priority should be given to updating Proliz's OBS to version 3.6.0 or later to address this vulnerability. Review compensating controls for exposed systems while remediation is scheduled and verified.

Recommended defensive actions

  • Update Proliz's OBS to version 3.6.0 or later
  • Review and enforce proper ACLs for Proliz's OBS functionality
  • Monitor Proliz's OBS for any suspicious activity
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-17T13:19:01.490Z and last modified on 2026-07-17T15:00:17.017Z. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD details. Defenders should verify affected product versions and configurations with careful consideration of known and unknown affected scope. Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T13:19:01.490Z and has not been modified since then. The NVD entry is currently Deferred.