Skip to main content

Incydr

1 CVEs product

Monthly

CVE-2026-50590 MEDIUM PATCH This Month

Arbitrary file access in Mimecast Incydr versions before 2.6.0 exposes endpoints to unauthorized read and write operations against files outside the application's intended scope, rooted in incorrect permission assignments (CWE-732). The CVSS 3.1 Changed Scope indicator (S:C) confirms that exploitation can reach resources beyond the Incydr agent boundary - meaningful given that Incydr is itself an insider risk monitoring platform that may store sensitive activity logs and configuration on the endpoint. Mimecast has released version 2.6.0 as the fix; no public exploit identified at time of analysis.

Information Disclosure Incydr
NVD
CVSS 3.1
4.5
EPSS
0.0%
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

Arbitrary file access in Mimecast Incydr versions before 2.6.0 exposes endpoints to unauthorized read and write operations against files outside the application's intended scope, rooted in incorrect permission assignments (CWE-732). The CVSS 3.1 Changed Scope indicator (S:C) confirms that exploitation can reach resources beyond the Incydr agent boundary - meaningful given that Incydr is itself an insider risk monitoring platform that may store sensitive activity logs and configuration on the endpoint. Mimecast has released version 2.6.0 as the fix; no public exploit identified at time of analysis.

Information Disclosure Incydr
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy