CVE-2026-4733
Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The ixray-1.6-stcop library includes outdated OpenSSL code vulnerable to CVE-2015-3195, potentially leaking sensitive data.
Vulnerability
Overview CVE-2026-4733 is an information disclosure vulnerability affecting the ixray-1.6-stcop library versions prior to 1.3. The root cause is the inclusion of unpatched code in src/3rd-party/crypto/openssl/src/tasn_dec.c, which was cloned from the OpenSSL project but did not receive a security fix for a known ASN.1 decoding issue. This original vulnerability was tracked as CVE-2015-3195 [1].
Exploitation
Conditions An unauthorized actor can exploit this by sending crafted ASN.1 data to an application using the vulnerable library. No authentication or special network position is required, as the bug triggers during decoding of untrusted input. The attack surface is broad, affecting any service that processes ASN.1-encoded data through the affected code path [1].
Impact
Successful exploitation could lead to exposure of sensitive information to an unauthorized actor. Depending on the context, this may include disclosure of memory contents, cryptographic keys, or other confidential data processed by the application [1].
Mitigation
The vulnerability is fixed in ixray-1.6-stcop version 1.3. Users should update immediately. The patch applies the same correction used in OpenSSL to address CVE-2015-3195 [1]. No workarounds are documented; updating the library is the recommended action.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.