{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T18:53:36.242","vulnerabilities":[{"cve":{"id":"CVE-2026-24332","sourceIdentifier":"cve@mitre.org","published":"2026-01-22T08:16:00.857","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible (and not actually offline) because the response to a WebSocket API request includes the user in the presences array (with \"status\": \"offline\"), whereas offline users are omitted from the presences array. This is arguably inconsistent with the UI description of Invisible as \"You will appear offline.\""},{"lang":"es","value":"Discord hasta el 16 de enero de 2026 permite recopilar información sobre si el estado del cliente de un usuario es Invisible (y no realmente fuera de línea) porque la respuesta a una solicitud de API de WebSocket incluye al usuario en el array de presencias (con 'status': 'offline'), mientras que los usuarios fuera de línea son omitidos del array de presencias. Esto es discutiblemente inconsistente con la descripción de la interfaz de usuario de Invisible como 'Aparecerás fuera de línea'."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-204"}]}],"references":[{"url":"https://xmrcat.org/discord-invisibility-bypass","source":"cve@mitre.org"}]}}]}