Cargus CVE-2026-24589
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8.
AnalysisAI
Cargus eCommerce versions 1.5.8 and earlier expose sensitive data in outbound communications due to improper information handling, allowing remote unauthenticated attackers to retrieve embedded sensitive information. The vulnerability requires no user interaction and carries a CVSS score of 5.3, though no patch is currently available.
Technical ContextAI
Affects Cargus eCommerce Cargus cargus. Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8.
Affected ProductsAI
Product: Cargus eCommerce Cargus cargus.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today