Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.
Published: 2026-01-27
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Upgrade
AI Analysis

Impact

The vulnerability is an information disclosure flaw (CWE-200) that allows an unauthorized actor to obtain sensitive data while using ixray-1.6-stcop. The flaw exposes confidential information, potentially compromising data confidentiality but does not appear to affect integrity or availability.

Affected Systems

ixray-team ixray-1.6-stcop versions prior to 1.3 are affected. No other vendor or product variants are listed.

Risk and Exploitability

The CVSS score is 3.7, indicating a moderate impact. The EPSS score is below 1%, implying a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly stated in the advisory; it is inferred that an attacker must have some access to the system (either local or remote) to exploit the disclosure. No public exploit code is known.

Generated by OpenCVE AI on April 18, 2026 at 02:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade ixray-1.6-stcop to version 1.3 or later to eliminate the disclosure.
  • Ensure that only authorized users have access to sensitive data by implementing proper authentication and authorization controls.
  • Audit configuration files and user permissions to prevent unauthorized actors from retrieving sensitive information.

Generated by OpenCVE AI on April 18, 2026 at 02:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 05 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Ixray-team ix-ray Engine 1.6
CPEs cpe:2.3:a:ixray-team:ix-ray_engine_1.6:*:*:*:*:*:*:*:*
Vendors & Products Ixray-team ix-ray Engine 1.6

Wed, 28 Jan 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Ixray-team
Ixray-team ixray
Vendors & Products Ixray-team
Ixray-team ixray

Tue, 27 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 16:00:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.
Title Information disclosure in ixray-1.6-stcop
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Ixray-team Ix-ray Engine 1.6 Ixray
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T21:35:14.884Z

Reserved: 2026-01-27T15:46:29.598Z

Link: CVE-2026-24870

cve-icon Vulnrichment

Updated: 2026-01-27T21:06:58.274Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-27T16:16:36.377

Modified: 2026-02-05T17:02:00.460

Link: CVE-2026-24870

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T02:15:05Z

Weaknesses