Skip to main content

ICU Scandinavia Boomerang EUVDEUVD-2026-44666

| CVE-2026-46458 HIGH
Insufficiently Protected Credentials (CWE-522)
2026-07-15 CERT-PL GHSA-pc6h-25p2-384f
7.1
CVSS 4.0 · Vendor: CERT-PL
Share

Severity by source

Vendor (CERT-PL) PRIMARY
7.1 HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Static-HTTP file retrieval is network-reachable and unauthenticated (AV:N/PR:N/UI:N/AC:L); impact is plaintext credential disclosure only, so C:H with I:N/A:N; vendor's AV:A is noted as a possible exposure limit.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (CERT-PL).

CVSS VectorVendor: CERT-PL

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 15, 2026 - 17:48 EUVD
Analysis Generated
Jul 15, 2026 - 13:21 vuln.today
CVE Published
Jul 15, 2026 - 12:51 cve.org
HIGH 7.1

DescriptionCVE.org

ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot. This issue has been fixed in version 2.4.18.029

AnalysisAI

Information disclosure in ICU Scandinavia Boomerang (versions prior to 2.4.18.029) lets an unauthenticated attacker retrieve plaintext service-account and SMTP credentials by requesting specific XML configuration files served as static content from the webroot. The exposed credentials enable follow-on compromise of connected mail and service accounts. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Boomerang HTTP listener
Delivery
Request credential XML from webroot
Exploit
Receive plaintext SMTP/service creds
Execution
Authenticate to mail/service accounts
Impact
Lateral movement or mail abuse

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the Boomerang web listener and knowledge (or enumeration) of the specific XML file paths under the webroot; no authentication, privileges, or user interaction are needed (PR:N/UI:N/AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are moderate and partially conflicting. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with reachability to the Boomerang web server requests a known XML file path under the webroot over plain HTTP and receives the file containing plaintext SMTP and service-account credentials. The attacker then uses those SMTP credentials to send authenticated mail (phishing/spam) and the service-account credentials to pivot into connected systems. …
Remediation Vendor-released patch: upgrade to Boomerang 2.4.18.029, which remediates the exposure. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all Boomerang deployments and confirm version numbers; immediately restrict network access to the webroot and disable serving of XML configuration files if operationally feasible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44666 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy