Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Proliz's OBS: before v3.6.0.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-7189 represents a critical access control vulnerability in Proliz's OBS (Object-Based Storage) system prior to version 3.6.0, where sensitive information is inadvertently exposed through inadequately constrained Access Control Lists (ACLs). This CWE-201 vulnerability allows unauthorized users to access functionality that should be restricted, potentially exposing confidential data during transmission or storage. Organizations running Proliz OBS in environments handling regulated data—such as healthcare, finance, or government sectors—face significant risk of data breach and compliance violations. The vulnerability's CVSS score of 7.5 (high) indicates substantial exploitability with meaningful impact on confidentiality and integrity.
While this CVE currently maps to zero Casky skills, practitioners should prioritize upgrading to v3.6.0 or later immediately. When using Casky's extended reasoning capabilities powered by Claude AI, security teams would typically look for detection patterns around unauthorized data access attempts, anomalous ACL modifications, and unexpected privilege escalation to storage resources. Although specific MITRE ATT&CK mapping is not yet assigned, practitioners should monitor for techniques like T1078 (Valid Accounts), T1087 (Account Discovery), and T1580 (Cloud Infrastructure Discovery) in their Proliz OBS logs. As threat intelligence and exploitation details emerge, Casky's skill library will expand to include behavioral detection rules and forensic indicators specific to ACL bypass attempts targeting OBS implementations.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-7189. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation