An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCab…

An unauthenticated information disclosure vulnerability in Newgen OmniDocs allows remote attackers to access the /omnidocs/GetListofCabinet API endpoint without credentials. The vulnerability enables unauthorized retrieval of sensitive internal configuration information including cabinet names and database metadata. This missing authentication and access control issue allows enumeration of backend deployment details. The vulnerability may facilitate further targeted attacks against affected systems. Organizations using Newgen OmniDocs should implement proper authentication controls on the affected API endpoint.