CVE-2026-31381

Summary

An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL.

Affected Software

VendorProductVersion RangeStatus
GainsightGainsight Assist0unknown

Weaknesses

  • CWE-598: CWE-598 Use of GET request method with sensitive query strings

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References