Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035496fec35e198c771c7063b67d4e68a0001fbf72084
Public Swagger UI/API detected at path: /swagger/index.html - sample paths: POST /BuildingPermit POST /Land POST /Lease POST /Owners POST /PlanningPermit POST /Properties POST /Sales POST /SouthAustraliaProperties POST /Token POST /Valuation
Open service 95.100.110.19:443 ยท mthotham-api-uat.vmonline.com.au
2026-01-23 10:05
HTTP/1.1 503 Service Unavailable Content-Type: text/html Content-Length: 162 Expires: Fri, 23 Jan 2026 10:05:35 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 23 Jan 2026 10:05:35 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 Page title: 503 Service Temporarily Unavailable <html> <head><title>503 Service Temporarily Unavailable</title></head> <body> <center><h1>503 Service Temporarily Unavailable</h1></center> </body> </html>