Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Open service 20.105.224.46:443 · esg.captureserver.circlon.de
2026-01-22 23:13
HTTP/1.1 404 Not Found
Connection: close
Content-Type: application/json; charset=utf-8
Date: Thu, 22 Jan 2026 23:14:03 GMT
Set-Cookie: ARRAffinity=6bc239cb301b67dc40b76835e601ab10bfb582e955d13dd3549a0c800e9ba5d2;Path=/;HttpOnly;Secure;Domain=esg.captureserver.circlon.de
Set-Cookie: ARRAffinitySameSite=6bc239cb301b67dc40b76835e601ab10bfb582e955d13dd3549a0c800e9ba5d2;Path=/;HttpOnly;SameSite=None;Secure;Domain=esg.captureserver.circlon.de
Transfer-Encoding: chunked
{"error":"Endpoint not found.","trace":"0HNIPK9TUSSIA:0000036E"}
Open service 20.105.224.46:443 · esg.captureserver.circlon.de
2026-01-11 02:04
HTTP/1.1 404 Not Found
Connection: close
Content-Type: application/json; charset=utf-8
Date: Sun, 11 Jan 2026 02:05:04 GMT
Set-Cookie: ARRAffinity=35df836a77fcbc396a057482468e7fe70ce2faa2e8bc896a0c5bb6f040a54069;Path=/;HttpOnly;Secure;Domain=esg.captureserver.circlon.de
Set-Cookie: ARRAffinitySameSite=35df836a77fcbc396a057482468e7fe70ce2faa2e8bc896a0c5bb6f040a54069;Path=/;HttpOnly;SameSite=None;Secure;Domain=esg.captureserver.circlon.de
Transfer-Encoding: chunked
{"error":"Endpoint not found.","trace":"0HNIGI7VGRC6M:000001CF"}
Open service 20.105.224.46:80 · esg.captureserver.circlon.de
2026-01-11 02:04
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Sun, 11 Jan 2026 02:05:05 GMT Location: https://esg.captureserver.circlon.de/