Incoming Goods Suite
CVE-2026-22644
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access.
AnalysisAI
Incoming Goods Suite contains a vulnerability that allows attackers to hijack the user's session and gain unauthorized access (CVSS 5.3).
Technical ContextAI
exists in the URL as string query component. Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Incoming Goods Suite
View allIncoming Goods Suite exposes component names, versions, and license details to unauthenticated users, enabling attackers
Incoming Goods Suite exposes sensitive internal system information through error messages accessible to authenticated us
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today