A vulnerability was found in sourcentis mercator up to 2025.05.18 . It has been classified as problematic . The impacted element is the function QueryController::execute of the file /admin/queries/execute . Performing a manipulation of the argument hidden results in exposure of private personal information to an unauthorized actor. This vulnerability is cataloged as CVE-2026-49344 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is