CVE-2026-8142

MEDIUM 6.5

CVE-2026-8142

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

5th

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates.

Vendor	cert/cc
Product	vince
Published	May 7, 2026
Last Updated	Jun 5, 2026

Stay Ahead of the Next One

Get instant alerts for cert/cc vince

Be the first to know when new medium vulnerabilities affecting cert/cc vince are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

CERT/CC / VINCE

* ≤ 3.0.38

References

NVD ↗ CVE.org ↗ EPSS Data ↗

kb.cert.org: https://kb.cert.org/vince github.com: https://github.com/CERTCC/VINCE

Credits

Thanks to Guillem Lefait [email protected] for reporting the issue