Information Disclosure Vulnerability in ICU Scandinavia Boomerang
CVE-2026-46458

7.1HIGH

Key Information:

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-46458?

ICU Scandinavia Boomerang contains a vulnerability that exposes sensitive credential files through static HTTP requests. This issue allows an unauthenticated remote attacker to access plaintext service account and SMTP credentials by requesting specific XML files hosted in the webroot. To mitigate this risk, users are advised to upgrade to Boomerang version 2.4.18.029 or later, which addresses this vulnerability.

Affected Version(s)

Boomerang 0 < 2.4.18.029

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marek Figielski (vanilla.pl)
.