CVE-2026-22644
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: SICK AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick_ag | incoming_goods_suite | * |
| grafana | grafana | From 11.5.0 (exc) |
| grafana | grafana | From 12.0.2 (inc) |
| grafana | grafana | From 11.6.3 (inc) |
| grafana | grafana | From 11.5.6 (inc) |
| grafana | grafana | From 11.4.6 (inc) |
| grafana | grafana | From 11.3.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-598 | The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because certain requests pass the authentication token in the URL as a string query parameter. This practice makes the token vulnerable to theft through server logs, proxy logs, and Referer headers. An attacker who obtains this token could hijack the user's session and gain unauthorized access.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to hijack a user's session by stealing the authentication token from logs or headers. This unauthorized access could lead to exposure of sensitive information or unauthorized actions performed under the user's identity, impacting confidentiality.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves authentication tokens being passed in the URL as query parameters, which can be detected by monitoring network traffic and logs for URLs containing authentication tokens. Detection can include inspecting server logs, proxy logs, and Referer headers for such tokens. While specific commands are not provided in the resources, general approaches include using network monitoring tools (e.g., tcpdump, Wireshark) to capture HTTP requests and grep or similar tools to search logs for patterns like 'token=' or other authentication parameters in URLs. [5]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding passing authentication tokens in URLs as query parameters. Instead, use secure methods such as HTTP headers or secure cookies to transmit authentication tokens. Additionally, implement network segmentation, use firewalls and proxies to filter and monitor traffic, and apply outbound traffic filtering to prevent token leakage. Employ encryption (e.g., VPNs, VLANs) and access controls to protect sensitive data. Monitoring and restricting outbound HTTP traffic can help prevent token theft via Referer headers or logs. Consult SICK's cybersecurity guidelines for detailed network security best practices. [5]