Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable endpoint requires no authentication (AV:N, PR:N, AC:L); confidentiality impact is low (C:L) as disclosure is configuration data, not full system access; no integrity or availability impact applies.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler. Attackers can obtain the datastore attachment protection password, configured authentication providers, SSO settings, MFA capabilities, and clustered node addresses and roles without any credentials.
AnalysisAI
Unauthenticated information disclosure in TheHive through 4.1.24 exposes sensitive configuration data - including the datastore attachment protection password, SSO settings, MFA capabilities, and clustered node addresses - to any network-reachable attacker via a single GET request to /api/status. The root cause is a missing authentication gate in the StatusCtrl.scala handler, a CWE-306 class defect. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | TheHive must be running a version at or below 4.1.24, and the /api/status endpoint must be network-reachable from the attacker - this is the case in any internet-facing or intranet-accessible deployment, as the endpoint is present in the default installation with no special configuration required to enable it. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N reflects low attack complexity and zero authentication requirement, meaning exploitation is reachable by any actor with network access. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker identifies a network-accessible TheHive instance and issues a single HTTP GET request to /api/status, receiving a JSON response containing the datastore attachment protection password, SSO configuration, authentication provider list, MFA capability flags, and cluster node roles. A public POC hosted on GitHub documents this exact technique, making it reachable by low-skilled attackers. … |
| Remediation | No vendor-released patched version has been identified in the available data - the fix version is unconfirmed and should be verified directly with the TheHive project at their official repository. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Cross-organization data disclosure in TheHive through 4.1.24 allows any authenticated user to download attachments belon
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Acti
StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. Rated
StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45196
GHSA-f4pj-hh6r-99c8