CVE-2026-8142
Awaiting Analysis
Awaiting Analysis - Queue
Vulnerability in VINCE due to From address spoofing
Vulnerability report for CVE-2026-8142, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-05-07
Last updated on: 2026-05-08
Assigner: CERT/CC
Description
Description
VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cert_coordination_center | vince | to 3.0.38 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |