CVE-2026-8142

216.73.217.22

· Published 07/05/2026 20:16 · Modified 07/05/2026 20:32

Labels: CVE-2026-8142 2026-05-07 CVE-2026-8142 [email protected]

Essential information

Published: 07/05/2026 20:16
Modified: 07/05/2026 20:32
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
vince / vince	`cpe:2.3:a:vince:vince:<3.0.38:::::::*`

CVE-2026-8142

Essential information

Description

NVD status

Affected products (CPE)

References