Incoming Goods Suite
CVE-2026-22645
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.
AnalysisAI
Incoming Goods Suite exposes component names, versions, and license details to unauthenticated users, enabling attackers to identify and exploit known vulnerabilities in those dependencies. This information disclosure affects any organization running the application and allows remote adversaries to conduct targeted attacks without authentication.
Technical ContextAI
Classified as CWE-200 (Information Exposure). Affects Incoming Goods Suite. The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Incoming Goods Suite
View allIncoming Goods Suite contains a vulnerability that allows attackers to hijack the user's session and gain unauthorized a
Incoming Goods Suite exposes sensitive internal system information through error messages accessible to authenticated us
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today