VYPR
Medium severity6.5NVD Advisory· Published May 7, 2026· Updated May 8, 2026

CVE-2026-8142

CVE-2026-8142

Description

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • CERTCC/Vincereferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=3.0.38

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.