CVE-2026-8142

MEDIUM CVSS 6.5 View on NVD ↗

Description

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References

https://github.com/CERTCC/VINCE
https://kb.cert.org/vince

Published: May 07, 2026 20:16 UTC Modified: May 08, 2026 14:16 UTC