Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.
AnalysisAI
ixray-1.6-stcop before version 1.3 contains an Exposure of Sensitive Information vulnerability (CWE-200) that allows unauthenticated remote attackers to access unauthorized data. The vulnerability has a CVSS score of 5.3 with low attack complexity and no user interaction required, making it accessible over the network. While the vulnerability does not impact confidentiality or integrity according to the CVSS vector, the availability impact warrants immediate patching.
Technical ContextAI
The vulnerability exists in ixray-1.6-stcop, an open-source project by the ixray-team tracked via CPE cpe:2.3:a:ixray-team:ixray-1.6-stcop:*:*:*:*:*:*:*:*. The root cause is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), which represents a failure in access controls or data handling mechanisms that inadvertently expose restricted information to unauthenticated or unauthorized users. This typically manifests in web applications or APIs that fail to properly validate user permissions, sanitize error messages, or enforce proper authentication boundaries before serving sensitive data over the network.
RemediationAI
Upgrade ixray-1.6-stcop to version 1.3 or later, which contains the security patch documented in GitHub pull request #259 (https://github.com/ixray-team/ixray-1.6-stcop/pull/259). Organizations unable to immediately patch should implement network-level access controls to restrict unauthenticated access to ixray-1.6-stcop services, enforce authentication at the application gateway layer if possible, and review access logs for evidence of exploitation. Since the vulnerability requires only network access with no authentication or user interaction, network segmentation and firewall rules limiting exposure to trusted internal networks are strongly recommended as interim measures.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14711
GHSA-6c79-f9m3-c7m5