CVE-2026-46459
Received
Received - Intake
Authentication Bypass in ICU Scandinavia Boomerang
Vulnerability report for CVE-2026-46459, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-15
Last updated on: 2026-07-15
Assigner: CERT.PL
Description
Description
ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database.
This issue has been fixed in version 2.4.18.029
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| icu_scandinavia | boomerang | to 2.4.18.029 (exc) |
| icu_scandinavia | boomerang | 2.4.18.029 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |