{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "01995b5b92c2fc6099b6cbb5f7fb48941dc0c367"
            }
          ],
          "repo": "https://github.com/hytalemodding/wiki",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-xvq7-wwhx-x2fh"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-862"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32736.json"
  },
  "details": "The Hytale Modding Wiki is a free service for Hytale mods to host their documentation \u0026 wikis. An Insecure Direct Object Reference (IDOR) vulnerability in versions of the wiki prior to 1.0.0 exposes mod authors' personal information - including full names and email addresses - to any authenticated user who visits a mod page. Any user who creates an account can access sensitive author details by simply navigating to a mod's page via its slug. Version 1.0.0 fixes the issue.",
  "id": "CVE-2026-32736",
  "modified": "2026-04-01T23:09:34.682758873Z",
  "published": "2026-03-18T22:06:10.884Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32736.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/HytaleModding/wiki/security/advisories/GHSA-xvq7-wwhx-x2fh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32736"
    },
    {
      "type": "FIX",
      "url": "https://github.com/HytaleModding/wiki/commit/4a96b3f9bce9a9d34030c39a8d6e4c6b6183f13d"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure"
}