ByteOS Network

NVD Vulnerability Details :

CVE-2026-8142

Awaiting Analysis

Source-cret@cert.org

Published At-07 May, 2026 | 20:16

Updated At-08 May, 2026 | 14:16

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References

Hyperlink	Source	Resource
https://github.com/CERTCC/VINCE	cret@cert.org	N/A
https://kb.cert.org/vince	cret@cert.org	N/A

Hyperlink: https://github.com/CERTCC/VINCE

Source: cret@cert.org

Resource: N/A

Hyperlink: https://kb.cert.org/vince

Source: cret@cert.org

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History