Skip to main content

Ixray 1 6 Stcop EUVDEUVD-2026-14711

| CVE-2026-4733 MEDIUM
Information Exposure (CWE-200)
2026-03-24 GovTech CSG GHSA-6c79-f9m3-c7m5
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
1.3
EUVD ID Assigned
Mar 24, 2026 - 03:30 euvd
EUVD-2026-14711
Analysis Generated
Mar 24, 2026 - 03:30 vuln.today
CVE Published
Mar 24, 2026 - 02:52 nvd
MEDIUM 5.3

DescriptionCVE.org

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

AnalysisAI

ixray-1.6-stcop before version 1.3 contains an Exposure of Sensitive Information vulnerability (CWE-200) that allows unauthenticated remote attackers to access unauthorized data. The vulnerability has a CVSS score of 5.3 with low attack complexity and no user interaction required, making it accessible over the network. While the vulnerability does not impact confidentiality or integrity according to the CVSS vector, the availability impact warrants immediate patching.

Technical ContextAI

The vulnerability exists in ixray-1.6-stcop, an open-source project by the ixray-team tracked via CPE cpe:2.3:a:ixray-team:ixray-1.6-stcop:*:*:*:*:*:*:*:*. The root cause is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), which represents a failure in access controls or data handling mechanisms that inadvertently expose restricted information to unauthenticated or unauthorized users. This typically manifests in web applications or APIs that fail to properly validate user permissions, sanitize error messages, or enforce proper authentication boundaries before serving sensitive data over the network.

RemediationAI

Upgrade ixray-1.6-stcop to version 1.3 or later, which contains the security patch documented in GitHub pull request #259 (https://github.com/ixray-team/ixray-1.6-stcop/pull/259). Organizations unable to immediately patch should implement network-level access controls to restrict unauthenticated access to ixray-1.6-stcop services, enforce authentication at the application gateway layer if possible, and review access logs for evidence of exploitation. Since the vulnerability requires only network access with no authentication or user interaction, network segmentation and firewall rules limiting exposure to trusted internal networks are strongly recommended as interim measures.

Share

EUVD-2026-14711 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy