Security Vulnerability Severity Rating

Rate this security vulnerability severity using the examples.

Examples:
- "SQL injection in public search endpoint" → Critical (CVSS 9.8) - RCE potential, no auth required
- "IDOR in user profile API" → High (CVSS 7.5) - Data exposure, auth required
- "Missing rate limiting on login" → Medium (CVSS 5.3) - Brute force possible, mitigated by lockout
- "Verbose error messages in API" → Low (CVSS 3.1) - Information disclosure, limited impact

Vulnerability: {{vulnerability_description}}
Affected endpoint: {{endpoint}}
Authentication required: {{auth_required}}

Rate with: Severity, CVSS estimate, attack vector, recommended timeline.