Information Disclosure Vulnerability in ICU Scandinavia Boomerang
CVE-2026-46458
7.1HIGH
What is CVE-2026-46458?
ICU Scandinavia Boomerang contains a vulnerability that exposes sensitive credential files through static HTTP requests. This issue allows an unauthenticated remote attacker to access plaintext service account and SMTP credentials by requesting specific XML files hosted in the webroot. To mitigate this risk, users are advised to upgrade to Boomerang version 2.4.18.029 or later, which addresses this vulnerability.
Affected Version(s)
Boomerang 0 < 2.4.18.029
