Skip to main content

Incoming Goods Suite CVE-2026-22645

MEDIUM
Information Exposure (CWE-200)
2026-01-15 psirt@sick.de
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 15, 2026 - 14:16 nvd
MEDIUM 5.3

DescriptionCVE.org

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.

AnalysisAI

Incoming Goods Suite exposes component names, versions, and license details to unauthenticated users, enabling attackers to identify and exploit known vulnerabilities in those dependencies. This information disclosure affects any organization running the application and allows remote adversaries to conduct targeted attacks without authentication.

Technical ContextAI

Classified as CWE-200 (Information Exposure). Affects Incoming Goods Suite. The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2026-22645 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy