{"id":"GO-2026-4838","summary":"Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint in github.com/lin-snow/ech0","details":"Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint in github.com/lin-snow/ech0","aliases":["CVE-2026-33638","GHSA-m983-7426-5hrj"],"modified":"2026-03-26T21:04:00.304810Z","published":"2026-03-26T20:33:05Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2026-4838","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/lin-snow/Ech0/security/advisories/GHSA-m983-7426-5hrj"},{"type":"WEB","url":"https://github.com/lin-snow/Ech0/commit/acbf1fd71011e6b9e1e6a911128056a19862f681"},{"type":"WEB","url":"https://github.com/lin-snow/Ech0/releases/tag/v4.2.0"}],"affected":[{"package":{"name":"github.com/lin-snow/ech0","ecosystem":"Go","purl":"pkg:golang/github.com/lin-snow/ech0"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.4.8-0.20260322121226-acbf1fd71011"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4838.json"}}],"schema_version":"1.7.5"}