{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24870", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T15:46:29.598Z", "datePublished": "2026-01-27T15:47:13.401Z", "dateUpdated": "2026-01-27T21:35:14.884Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ixray-1.6-stcop", "vendor": "ixray-team", "versions": [{"lessThan": "1.3", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.<p>This issue affects ixray-1.6-stcop: before 1.3.</p>"}], "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T15:47:13.401Z"}, "references": [{"url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/258"}], "source": {"discovery": "UNKNOWN"}, "title": "Information disclosure in ixray-1.6-stcop", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T21:06:55.259478Z", "id": "CVE-2026-24870", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T21:35:14.884Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24870", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T21:06:55.259478Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T21:06:58.274Z"}}], "cna": {"title": "Information disclosure in ixray-1.6-stcop", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ixray-team", "product": "ixray-1.6-stcop", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/258"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.", "supportingMedia": [{"type": "text/html", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.<p>This issue affects ixray-1.6-stcop: before 1.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T15:47:13.401Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24870", "state": "PUBLISHED", "dateUpdated": "2026-01-27T21:35:14.884Z", "dateReserved": "2026-01-27T15:46:29.598Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T15:47:13.401Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ixray-team:ix-ray_engine_1.6:*:*:*:*:*:*:*:*", "matchCriteriaId": "33DE6259-5807-46DF-AB3C-8A8271716001", "versionEndExcluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3."}], "id": "CVE-2026-24870", "lastModified": "2026-02-05T17:02:00.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-27T16:16:36.377", "references": [{"source": "cve_disclosure@tech.gov.sg", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/258"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T02:11:22.254775+00:00", "value": {"mitigation_remediation": ["Upgrade ixray-1.6-stcop to version 1.3 or later to eliminate the disclosure.", "Ensure that only authorized users have access to sensitive data by implementing proper authentication and authorization controls.", "Audit configuration files and user permissions to prevent unauthorized actors from retrieving sensitive information."], "summary": {"action": "Upgrade", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "ixray-team ixray-1.6-stcop versions prior to 1.3 are affected. No other vendor or product variants are listed.", "description_and_impact": "The vulnerability is an information disclosure flaw (CWE-200) that allows an unauthorized actor to obtain sensitive data while using ixray-1.6-stcop. The flaw exposes confidential information, potentially compromising data confidentiality but does not appear to affect integrity or availability.", "risk_and_exploitability": "The CVSS score is 3.7, indicating a moderate impact. The EPSS score is below 1%, implying a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly stated in the advisory; it is inferred that an attacker must have some access to the system (either local or remote) to exploit the disclosure. No public exploit code is known."}}}}, "created": "2026-01-28T12:22:31.443672+00:00", "updated": "2026-04-18T02:15:05.891742+00:00", "vendors": ["ixray-team", "ixray-team$PRODUCT$ixray"]}