What is CVE-2026-8142?

CVE-2026-8142 is a medium-severity vulnerability in Cert/cc Vince, classified under CWE-345: INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY. CVSS score: 6.5/10. Published 2026-05-07.

How severe is CVE-2026-8142?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Cert/cc Vince

CVE-2026-8142

VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates.

EPSS: 0.000 (5.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Cert/cc Vince — versions 0

References

cret@cert.org
cret@cert.org

Frequently asked questions

What is CVE-2026-8142?: CVE-2026-8142 is a medium-severity vulnerability in Cert/cc Vince, classified under CWE-345: INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY. CVSS score: 6.5/10. Published 2026-05-07.
How severe is CVE-2026-8142?: Medium severity. CVSS v3 base score is 6.5 out of 10.