Security Flaw in VINCE Affects Ticket Management Functionality
CVE-2026-8142

Currently unrated

Key Information:

Vendor: Cert/cc

Status
Vendor
CVE Published: 7 May 2026

What is CVE-2026-8142?

VINCE versions 3.0.38 and earlier contain a flaw in which the authenticity of the From address is not adequately verified because of encoding confusion. This can lead to unauthorized automated actions, such as ticket creation or updates, potentially allowing malicious parties to manipulate ticket workflows. Properly authenticating the sender's address is critical to maintaining security in automated systems.

Affected Version(s)

VINCE 0 <= 3.0.38

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks to Guillem Lefait (guillem@datamq.com) for reporting the issue.