CVE/patches/CVE-2026-32138.md

CVE-2026-32138 — API Key Exposure (Nexulean Website)

Severity: High
CWE: CWE-284, CWE-798

Summary

Exposed Firebase and Web3Forms API keys allowed unauthorized access to backend services.

Impact

• Unauthorized database access
• Exposure of user data
• Abuse of third-party services

Affected

v1.0.0

Fixed

v2.0.0

References

• https://github.com/advisories/GHSA-r7cr-5wcx-x9wm
• https://github.com/Stalin-143/website/releases/tag/v2.0.0

Credits

Reporter: rootcrypt
Coordinator: Stalin-143