Medium severity6.5NVD Advisory· Published May 7, 2026· Updated May 8, 2026
CVE-2026-8142
CVE-2026-8142
Description
VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.