Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-2752

Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose .NET stack traces. These error messages expose internal class names, method calls, and third-party library references (e.g., System.Data.SQLite), which may assist attackers in mapping the application's internal structure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 17.5%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2026-2752


Contact Us

Shodan ® - All rights reserved