H3-2026-0038
Stack Trace Disclosure to Unauthenticated Users
| Category | SECURITY_MISCONFIGURATION |
| Base Score | 3.0 |
Description
A web application returned an unhandled-exception stack trace to an unauthenticated client in a publicly accessible response.
Impact
An attacker can read the stack trace to learn the application's framework and version, internal file paths, and backend components. This does not by itself grant access, but it helps an attacker map the environment and tune subsequent attacks, such as matching the disclosed versions against known CVEs.
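As an added example (not part of the original advisory), the following check detects a stack trace in a response body and lists the kinds of detail named under Impact that it discloses. The signatures, the function name `audit_body`, and both sample bodies are constructed assumptions for illustration.

```python
import re

# Constructed signatures for common unhandled-exception traces (not exhaustive).
TRACE_SIGNATURES = {
    "python": re.compile(r"Traceback \(most recent call last\):"),
    "java": re.compile(r"^\s*at [\w.$]+\([\w$]+\.java:\d+\)", re.M),
    "dotnet": re.compile(r"^\s*at .+ in .+:line \d+", re.M),
}
PATH_RE = re.compile(r"(?:/[\w.+-]+){2,}")  # absolute paths with 2+ segments
RUNTIME_RE = re.compile(r"\b([A-Za-z]+)(\d+\.\d+(?:\.\d+)*)\b")  # e.g. python3.11
PACKAGE_RE = re.compile(r"site-packages/([\w-]+)/")  # third-party packages
EXC_MODULE_RE = re.compile(r"\b([a-z_]\w*)(?:\.\w+)*\.\w*(?:Error|Exception)\b")

# Constructed sample bodies: a leaking 500 page and a generic one.
LEAKY_BODY = '''<h1>Internal Server Error</h1>
<pre>Traceback (most recent call last):
  File "/srv/app/venv/lib/python3.11/site-packages/flask/app.py", line 1498, in __call__
    return self.wsgi_app(environ, start_response)
  File "/srv/app/orders/views.py", line 42, in show_order
    row = db.execute(query).fetchone()
sqlalchemy.exc.OperationalError: (psycopg2.OperationalError) connection refused
</pre>'''
GENERIC_BODY = "<h1>Internal Server Error</h1><p>Reference: 7f3a9c</p>"


def audit_body(body):
    """Return what a trace in `body` discloses, or None if no trace is present."""
    runtime = next((n for n, rx in TRACE_SIGNATURES.items() if rx.search(body)), None)
    if runtime is None:
        return None
    components = set(PACKAGE_RE.findall(body)) | set(EXC_MODULE_RE.findall(body))
    return {
        "runtime": runtime,
        "versions": sorted({f"{n} {v}" for n, v in RUNTIME_RE.findall(body)}),
        "paths": sorted(set(PATH_RE.findall(body))),
        "components": sorted(components),
    }


if __name__ == "__main__":
    for name, body in (("leaky", LEAKY_BODY), ("generic", GENERIC_BODY)):
        print(name, audit_body(body))
```

A `None` result for an error response fetched without credentials is the desired state; any other result shows what the trace exposes to an anonymous client.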