![CVE](https://img.shields.io/badge/CVE-2026--32138-red)

# CVE-2026-32138 — API Key Exposure (Nexulean Website)

**Severity:** High  
**CWE:** CWE-284, CWE-798  

## Summary
Exposed Firebase and Web3Forms API keys allowed unauthorized access to backend services.

## Impact
- Unauthorized database access  
- Exposure of user data  
- Abuse of third-party services  

## Affected
v1.0.0  

## Fixed
v2.0.0  

## References
- https://github.com/advisories/GHSA-r7cr-5wcx-x9wm  
- https://github.com/0x5t4l1n/website/releases/tag/v2.0.0  

## Credits
Reporter: rootcrypt  
Coordinator: 0x5t4l1n