CVE-2026-7167

Multiple vulnerabilities in the Assassin game by Gaudire

Assigner: INCIBE
Reserved: 27.04.2026 Published: 22.06.2026 Updated: 22.06.2026

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass creation of fraudulent accounts. Successful exploitation of this vulnerability could allow an authenticated attacker to carry out various attacks, such as mass spam distribution, system abuse, or bypassing user controls, thereby compromising the security and integrity of the system.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
CVSS Score: 6.9

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	None	Confidentiality	None
Attack Complexity	Low	Integrity	Low	Integrity	None
Attack Requirements	None	Availability	Low	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Gaudire
Product	Assassin game
Versions	Default: unaffected Version last version is affected

Vendor

Gaudire

Product

Assassin game

Versions

Default: unaffected

Version last version is affected

Solutions

There is no reported solution at this time.

Credits

Adrià Bonilla Martin k0x finder

References

Problem Types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor CWE