CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CVE-2026-42951 (GCVE-0-2026-42951)
Vulnerability from cvelistv5 – Published: 2026-05-29 17:32 – Updated: 2026-05-29 19:43
VLAI
Title
MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials
Summary
An authenticated
user can download a backup of the Danelec MacGregor Voyage Data Recorder
device which includes account data and password hashes.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Danelec | MacGregor Voyage Data Recorder (VDR) G4e |
Affected:
0 , < 5.250
(custom)
|
Date Public
2026-05-28 17:22
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T19:42:42.913020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T19:43:09.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MacGregor Voyage Data Recorder (VDR) G4e",
"vendor": "Danelec",
"versions": [
{
"lessThan": "5.250",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA."
}
],
"datePublic": "2026-05-28T17:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eAn authenticated\u003c/span\u003e\n\u003cspan\u003euser can download a backup of the\u0026nbsp;\u003c/span\u003e\u003cspan\u003eDanelec MacGregor Voyage Data Recorder\u003c/span\u003e\n\n\n\u003cspan\u003edevice which includes account data and password hashes.\u003c/span\u003e"
}
],
"value": "An authenticated\nuser can download a backup of the\u00a0Danelec MacGregor Voyage Data Recorder\n\n\ndevice which includes account data and password hashes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T17:32:11.492Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.danelec.com/contact"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eDanelec has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Voyage Data Recorder (VDR) G4e devices are encouraged to update the firmware at the earliest service attendance rather than waiting for an annual performance test. Contact Danelec with additional questions:\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.danelec.com/contact\"\u003ehttps://www.danelec.com/contact\u003c/a\u003e"
}
],
"value": "Danelec has released firmware version V5.250 to resolve these vulnerabilities. Users of MacGregor Voyage Data Recorder (VDR) G4e devices are encouraged to update the firmware at the earliest service attendance rather than waiting for an annual performance test. Contact Danelec with additional questions:\u00a0 https://www.danelec.com/contact"
}
],
"source": {
"advisory": "ICSA-26-148-01",
"discovery": "EXTERNAL"
},
"title": "MacGregor Voyage Data Recorder (VDR) G4e Insufficiently Protected Credentials",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-42951",
"datePublished": "2026-05-29T17:32:11.492Z",
"dateReserved": "2026-05-07T16:55:26.102Z",
"dateUpdated": "2026-05-29T19:43:09.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4387 (GCVE-0-2026-4387)
Vulnerability from cvelistv5 – Published: 2026-05-29 18:28 – Updated: 2026-06-01 16:26
VLAI
Title
Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file
Summary
StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\<username>\.sdm\state.kv. The file is protected only by default user-level NTFS permissions.
Exploitation requires local read access to the affected user's profile directory and additional deployment and execution conditions on the target host.
The condition was reported through coordinated disclosure by Hope Walker (SpecterOps).
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://security.strongdm.com/?tcuUid=56fde839-93… | vendor-advisory |
| https://specterops.io/blog/2026/06/01/cve-2026-43… | related |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| StrongDM | StrongDM Desktop Application |
Affected:
0 , < 23.74.0
(semver)
|
|
| StrongDM | StrongDM Desktop Client |
Affected:
0 , < 53.77.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T19:49:18.108657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T19:49:33.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "StrongDM Desktop Application",
"vendor": "StrongDM",
"versions": [
{
"lessThan": "23.74.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "StrongDM Desktop Client",
"vendor": "StrongDM",
"versions": [
{
"lessThan": "53.77.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hope Walker, SpecterOps"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at \u003ccode\u003eC:\\Users\\\u0026lt;username\u0026gt;\\.sdm\\state.kv\u003c/code\u003e. The file is protected only by default user-level NTFS permissions.\u003c/p\u003e\u003cp\u003eExploitation requires local read access to the affected user\u0027s profile directory and additional deployment and execution conditions on the target host.\u003c/p\u003e\u003cp\u003eThe condition was reported through coordinated disclosure by Hope Walker (SpecterOps).\u003c/p\u003e"
}
],
"value": "StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\\Users\\\u003cusername\u003e\\.sdm\\state.kv. The file is protected only by default user-level NTFS permissions.\n\n\n\nExploitation requires local read access to the affected user\u0027s profile directory and additional deployment and execution conditions on the target host.\n\n\n\nThe condition was reported through coordinated disclosure by Hope Walker (SpecterOps)."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker with local read access to the affected user\u0027s profile directory may obtain authentication state stored in the state.kv file. Under specific deployment and execution conditions, the recovered material could be used to authenticate against StrongDM-brokered resources as the affected user."
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:26:35.443Z",
"orgId": "ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b",
"shortName": "StrongDM"
},
"references": [
{
"name": "StrongDM Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://security.strongdm.com/?tcuUid=56fde839-9388-4361-8d3b-9baa7b2de2ed"
},
{
"tags": [
"related"
],
"url": "https://specterops.io/blog/2026/06/01/cve-2026-4387-strongdm-state-file-reuse/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpgrade the StrongDM Desktop Application to version 23.74.0 or later (Desktop Client 53.77.0 or later). The fixed release protects the state.kv file at rest using a platform-native data-protection mechanism (Windows DPAPI on Windows).\u003c/p\u003e"
}
],
"value": "Upgrade the StrongDM Desktop Application to version 23.74.0 or later (Desktop Client 53.77.0 or later). The fixed release protects the state.kv file at rest using a platform-native data-protection mechanism (Windows DPAPI on Windows)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-05-19T00:00:00.000Z",
"value": "Initial coordinated disclosure submission received from SpecterOps."
},
{
"lang": "en",
"time": "2025-12-12T00:00:00.000Z",
"value": "Vendor reproduction testing performed on StrongDM Desktop Application 23.51.0."
},
{
"lang": "en",
"time": "2026-04-01T00:00:00.000Z",
"value": "Fix released in StrongDM Desktop Application 23.74.0 / Desktop Client 53.77.0."
},
{
"lang": "en",
"time": "2026-04-01T13:20:00.000Z",
"value": "Patch validation completed; condition not reproducible on the fixed release."
},
{
"lang": "en",
"time": "2026-05-30T00:00:00.000Z",
"value": "Public disclosure and CVE publication."
}
],
"title": "Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b",
"assignerShortName": "StrongDM",
"cveId": "CVE-2026-4387",
"datePublished": "2026-05-29T18:28:00.572Z",
"dateReserved": "2026-03-18T13:52:47.802Z",
"dateUpdated": "2026-06-01T16:26:35.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-43992 (GCVE-0-2026-43992)
Vulnerability from cvelistv5 – Published: 2026-05-12 16:25 – Updated: 2026-05-13 14:38
VLAI
Title
JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter
Summary
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Dragonmonk111/junoclaw/securit… | x_refsource_CONFIRM |
| https://github.com/Dragonmonk111/junoclaw/commit/… | x_refsource_MISC |
| https://github.com/Dragonmonk111/junoclaw/release… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dragonmonk111 | junoclaw |
Affected:
< v0.x.y-security-1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T14:34:03.835477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:38:16.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "junoclaw",
"vendor": "Dragonmonk111",
"versions": [
{
"status": "affected",
"version": "\u003c v0.x.y-security-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted \u0027mnemonic: string\u0027 as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in the LLM tool-call JSON, exposing it to any transport, log, or telemetry surface in the path between the LLM provider and the MCP process. This vulnerability is fixed in 0.x.y-security-1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T16:25:30.868Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-j75q-8xvm-6c48",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Dragonmonk111/junoclaw/security/advisories/GHSA-j75q-8xvm-6c48"
},
{
"name": "https://github.com/Dragonmonk111/junoclaw/commit/339701e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dragonmonk111/junoclaw/commit/339701e"
},
{
"name": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Dragonmonk111/junoclaw/releases/tag/v0.x.y-security-1"
}
],
"source": {
"advisory": "GHSA-j75q-8xvm-6c48",
"discovery": "UNKNOWN"
},
"title": "JunoClaw: MCP write tools exposed raw BIP-39 mnemonic as a tool-call parameter"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-43992",
"datePublished": "2026-05-12T16:25:30.868Z",
"dateReserved": "2026-05-04T20:24:31.917Z",
"dateUpdated": "2026-05-13T14:38:16.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45091 (GCVE-0-2026-45091)
Vulnerability from cvelistv5 – Published: 2026-05-12 13:20 – Updated: 2026-05-12 14:39
VLAI
Title
sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
Summary
sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token (CI build logs, container env dumps, kubectl describe pod, Sentry/Rollbar stack traces, log aggregators) could decode the payload and extract the TOTP secret in plaintext. This vulnerability is fixed in 0.1.0-alpha.4.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/davidalmeidac/sealed-env/secur… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| davidalmeidac | sealed-env |
Affected:
< 0.1.0-alpha.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T14:38:56.109361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T14:39:10.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sealed-env",
"vendor": "davidalmeidac",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.0-alpha.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator\u0027s literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encoded JSON, NOT encrypted. Any party who could observe a minted token (CI build logs, container env dumps, kubectl describe pod, Sentry/Rollbar stack traces, log aggregators) could decode the payload and extract the TOTP secret in plaintext. This vulnerability is fixed in 0.1.0-alpha.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T13:20:21.560Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/davidalmeidac/sealed-env/security/advisories/GHSA-x3r2-fj3r-g5mv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/davidalmeidac/sealed-env/security/advisories/GHSA-x3r2-fj3r-g5mv"
}
],
"source": {
"advisory": "GHSA-x3r2-fj3r-g5mv",
"discovery": "UNKNOWN"
},
"title": "sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45091",
"datePublished": "2026-05-12T13:20:21.560Z",
"dateReserved": "2026-05-08T19:27:26.698Z",
"dateUpdated": "2026-05-12T14:39:10.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4819 (GCVE-0-2026-4819)
Vulnerability from cvelistv5 – Published: 2026-03-31 14:57 – Updated: 2026-03-31 17:23
VLAI
Title
Search Guard audit logs can contain under certain conditions user credentials
Summary
In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| floragunn | Search Guard FLX |
Affected:
1.0.0 , ≤ 4.0.1
(semver)
|
Date Public
2026-03-31 10:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T17:23:37.990130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T17:23:46.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Search Guard FLX",
"vendor": "floragunn",
"versions": [
{
"lessThanOrEqual": "4.0.1",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-03-31T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana."
}
],
"value": "In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:57:56.792Z",
"orgId": "9f311a02-c44f-4938-8530-9219246b8255",
"shortName": "floragunn"
},
"references": [
{
"url": "https://search-guard.com/cve-advisory/"
},
{
"url": "https://docs.search-guard.com/latest/changelog-searchguard-flx-4_1_0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Search Guard audit logs can contain under certain conditions user credentials",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9f311a02-c44f-4938-8530-9219246b8255",
"assignerShortName": "floragunn",
"cveId": "CVE-2026-4819",
"datePublished": "2026-03-31T14:57:56.792Z",
"dateReserved": "2026-03-25T13:44:37.576Z",
"dateUpdated": "2026-03-31T17:23:46.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6345 (GCVE-0-2026-6345)
Vulnerability from cvelistv5 – Published: 2026-05-18 08:40 – Updated: 2026-05-19 03:55
VLAI
Title
Prevent password disclosure and force reset during Slack import
Summary
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords.. Mattermost Advisory ID: MMSA-2026-00614
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
11.5.0 , ≤ 11.5.1
(semver)
Affected: 10.11.0 , ≤ 10.11.13 (semver) Affected: 11.4.0 , ≤ 11.4.3 (semver) Unaffected: 11.6.0 Unaffected: 11.5.2 Unaffected: 10.11.14 Unaffected: 11.4.4 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T03:55:27.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "11.5.1",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.13",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.4.3",
"status": "affected",
"version": "11.4.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.6.0"
},
{
"status": "unaffected",
"version": "11.5.2"
},
{
"status": "unaffected",
"version": "10.11.14"
},
{
"status": "unaffected",
"version": "11.4.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "eeshan"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 11.5.x \u003c= 11.5.1, 10.11.x \u003c= 10.11.13, 11.4.x \u003c= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords.. Mattermost Advisory ID: MMSA-2026-00614"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T08:40:00.821Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"name": "MMSA-2026-00614",
"tags": [
"vendor-advisory"
],
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.6.0, 11.5.2, 10.11.14, 11.4.4 or higher."
}
],
"source": {
"advisory": "MMSA-2026-00614",
"defect": [
"https://mattermost.atlassian.net/browse/MM-67645"
],
"discovery": "EXTERNAL"
},
"title": "Prevent password disclosure and force reset during Slack import",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2026-6345",
"datePublished": "2026-05-18T08:40:00.821Z",
"dateReserved": "2026-04-15T10:44:28.488Z",
"dateUpdated": "2026-05-19T03:55:27.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6408 (GCVE-0-2026-6408)
Vulnerability from cvelistv5 – Published: 2026-04-22 01:46 – Updated: 2026-04-22 12:49
VLAI
Title
Tanium addressed an information disclosure vulnerability in Tanium Server.
Summary
Tanium addressed an information disclosure vulnerability in Tanium Server.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tanium | Tanium Server |
Affected:
7.6.4.0 , < 7.6.4.2185
(custom)
Affected: 7.7.3.0 , < 7.7.3.8266 (custom) Affected: 7.8.2.0 , < 7.8.2.1168 (custom) |
Date Public
2026-04-22 01:46
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T12:48:18.544819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T12:49:39.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Tanium Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.6.4.2185",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
},
{
"lessThan": "7.7.3.8266",
"status": "affected",
"version": "7.7.3.0",
"versionType": "custom"
},
{
"lessThan": "7.8.2.1168",
"status": "affected",
"version": "7.8.2.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-04-15T21:51:17.273Z",
"datePublic": "2026-04-22T01:46:17.259Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Tanium Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T01:46:40.653Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-012",
"url": "https://security.tanium.com/TAN-2026-012"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Tanium Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-6408",
"datePublished": "2026-04-22T01:46:40.653Z",
"dateReserved": "2026-04-15T21:51:17.871Z",
"dateUpdated": "2026-04-22T12:49:39.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6446 (GCVE-0-2026-6446)
Vulnerability from cvelistv5 – Published: 2026-05-02 04:27 – Updated: 2026-05-04 14:59
VLAI
Title
My Social Feeds <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action
Summary
The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the 'ttp_get_accounts' AJAX action. This is due to the complete absence of authorization checks (no capability verification) and nonce verification in the get_accounts() function, which returns the full contents of the 'ttp_tiktok_accounts' WordPress option. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive TikTok OAuth credentials, including access_token and refresh_token values, that belong to administrator-connected TikTok accounts, enabling them to impersonate the site owner when interacting with the TikTok API.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bplugins | My Social Feeds – Social Feeds Embedder Plugin for WordPress |
Affected:
0 , ≤ 1.0.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6446",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T14:59:38.474969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T14:59:54.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "My Social Feeds \u2013 Social Feeds Embedder Plugin for WordPress",
"vendor": "bplugins",
"versions": [
{
"lessThanOrEqual": "1.0.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Teerachai Somprasong"
}
],
"descriptions": [
{
"lang": "en",
"value": "The My Social Feeds \u2013 Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 via the \u0027ttp_get_accounts\u0027 AJAX action. This is due to the complete absence of authorization checks (no capability verification) and nonce verification in the get_accounts() function, which returns the full contents of the \u0027ttp_tiktok_accounts\u0027 WordPress option. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive TikTok OAuth credentials, including access_token and refresh_token values, that belong to administrator-connected TikTok accounts, enabling them to impersonate the site owner when interacting with the TikTok API."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-02T04:27:46.053Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d46d6493-8b89-4258-9d83-79e5946cd76f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/my-social-feeds/trunk/includes/TiktokAPI.php#L190"
},
{
"url": "https://plugins.trac.wordpress.org/browser/my-social-feeds/tags/1.0.2/includes/TiktokAPI.php#L190"
},
{
"url": "https://plugins.trac.wordpress.org/browser/my-social-feeds/trunk/includes/TiktokAPI.php#L24"
},
{
"url": "https://plugins.trac.wordpress.org/browser/my-social-feeds/tags/1.0.2/includes/TiktokAPI.php#L24"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3514796%40my-social-feeds\u0026new=3514796%40my-social-feeds\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-18T04:32:56.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-05-01T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "My Social Feeds \u003c= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via \u0027ttp_get_accounts\u0027 AJAX Action"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-6446",
"datePublished": "2026-05-02T04:27:46.053Z",
"dateReserved": "2026-04-16T18:29:52.438Z",
"dateUpdated": "2026-05-04T14:59:54.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7038 (GCVE-0-2026-7038)
Vulnerability from cvelistv5 – Published: 2026-04-26 12:00 – Updated: 2026-04-27 16:53
VLAI
Title
tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials
Summary
A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/359618 | vdb-entry |
| https://vuldb.com/vuln/359618/cti | signaturepermissions-required |
| https://vuldb.com/submit/798525 | third-party-advisory |
| https://github.com/tufantunc/ssh-mcp/issues/42 | exploitissue-tracking |
| https://github.com/tufantunc/ssh-mcp/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T16:53:14.501925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T16:53:30.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Command Line Handler"
],
"product": "ssh-mcp",
"vendor": "tufantunc",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "BlackBird_BB (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-26T12:00:19.170Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-359618 | tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/359618"
},
{
"name": "VDB-359618 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/359618/cti"
},
{
"name": "Submit #798525 | tufantunc ssh-mcp 1.5 Information Exposure Through Server Log Files",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/798525"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/tufantunc/ssh-mcp/issues/42"
},
{
"tags": [
"product"
],
"url": "https://github.com/tufantunc/ssh-mcp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-25T17:51:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7038",
"datePublished": "2026-04-26T12:00:19.170Z",
"dateReserved": "2026-04-25T15:46:42.629Z",
"dateUpdated": "2026-04-27T16:53:30.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8368 (GCVE-0-2026-8368)
Vulnerability from cvelistv5 – Published: 2026-05-12 14:01 – Updated: 2026-05-19 17:16
VLAI
Title
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects
Summary
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects.
On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are sent unchanged to the redirect target, including across scheme, host, or port changes.
A redirect to an attacker controlled host therefore discloses the caller's credentials to that host.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
5 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OALDERS | LWP::UserAgent |
Affected:
0 , < 6.83
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-12T17:41:03.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/12/7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T14:30:39.897128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T17:16:03.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "libwww-perl",
"product": "LWP::UserAgent",
"programFiles": [
"lib/LWP/UserAgent.pm"
],
"programRoutines": [
{
"name": "LWP::UserAgent::request"
}
],
"repo": "https://github.com/libwww-perl/libwww-perl",
"vendor": "OALDERS",
"versions": [
{
"lessThan": "6.83",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kai Aizen"
}
],
"descriptions": [
{
"lang": "en",
"value": "LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects.\n\nOn a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are sent unchanged to the redirect target, including across scheme, host, or port changes.\n\nA redirect to an attacker controlled host therefore discloses the caller\u0027s credentials to that host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T14:01:25.365Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/libwww-perl/libwww-perl/commit/9c4aeb6f2dd32f2b7eaf2d7827cade31ea6cb2c6.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/OALDERS/libwww-perl-6.83/changes"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/libwww-perl/libwww-perl/pull/512"
},
{
"tags": [
"related"
],
"url": "https://github.com/libwww-perl/libwww-perl/pull/284"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to libwww-perl 6.83 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-11T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-12T00:00:00.000Z",
"value": "libwww-perl 6.83 released with fix."
}
],
"title": "LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-8368",
"datePublished": "2026-05-12T14:01:25.365Z",
"dateReserved": "2026-05-11T21:33:14.480Z",
"dateUpdated": "2026-05-19T17:16:03.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Use an appropriate security mechanism to protect the credentials.
Mitigation
Phase: Architecture and Design
Description:
- Make appropriate use of cryptography to protect the credentials.
Mitigation
Phase: Implementation
Description:
- Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.).
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
CAPEC-474: Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-50: Password Recovery Exploitation
An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.
CAPEC-509: Kerberoasting
Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently cracks the hashed credentials of a service account target to exploit its privileges. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. As an authenticated user, the adversary may request Active Directory and obtain a service ticket with portions encrypted via RC4 with the private key of the authenticated account. By extracting the local ticket and saving it disk, the adversary can brute force the hashed value to reveal the target account credentials.
CAPEC-551: Modify Existing Service
When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.
CAPEC-555: Remote Services with Stolen Credentials
This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.
CAPEC-560: Use of Known Domain Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate credentials (e.g. userID/password) to achieve authentication and to perform authorized actions under the guise of an authenticated user or service.
CAPEC-561: Windows Admin Shares with Stolen Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares on a local machine or within a Windows domain.
CAPEC-600: Credential Stuffing
An adversary tries known username/password combinations against different systems, applications, or services to gain additional authenticated access. Credential Stuffing attacks rely upon the fact that many users leverage the same username/password combination for multiple systems, applications, and services.
CAPEC-644: Use of Captured Hashes (Pass The Hash)
An adversary obtains (i.e. steals or purchases) legitimate Windows domain credential hash values to access systems within the domain that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols.
CAPEC-645: Use of Captured Tickets (Pass The Ticket)
An adversary uses stolen Kerberos tickets to access systems/resources that leverage the Kerberos authentication protocol. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. An adversary can obtain any one of these tickets (e.g. Service Ticket, Ticket Granting Ticket, Silver Ticket, or Golden Ticket) to authenticate to a system/resource without needing the account's credentials. Depending on the ticket obtained, the adversary may be able to access a particular resource or generate TGTs for any account within an Active Directory Domain.
CAPEC-652: Use of Known Kerberos Credentials
An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.
CAPEC-653: Use of Known Operating System Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and to perform authorized actions on the system, under the guise of an authenticated user or service. This applies to any Operating System.