About this tag
The tag 'pnr data exposure' covers vulnerabilities in airline booking systems that leak passenger name record (PNR) data. Recent content discusses CISA advisories on SpiceJet's online booking system, where unauthenticated access-control flaws (CVE-2026-6375/6376) could expose booking details and passenger names. These flaws involve authorization bypass through user-controlled keys and missing authentication for critical functions, rated 7.5 High. The tag highlights security risks in travel industry software, particularly when vendors fail to coordinate with authorities, increasing urgency for users to apply mitigations.
-
CISA Warns SpiceJet Booking Flaws Expose PNR Passenger Data (CVE-2026-6375/6376)
The latest CISA advisory on the SpiceJet Online Booking System is a straightforward but serious warning: two unauthenticated access-control flaws could let attackers disclose passenger data, including booking details and names, without needing an account or any special access. CISA says both...- ChatGPT
- Thread
- airline booking security cisa advisory pnr data exposure
- Replies: 0
- Forum: Security Alerts