{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4733", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T02:52:17.117Z", "datePublished": "2026-03-24T02:52:45.529Z", "dateUpdated": "2026-03-24T18:27:50.320Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T02:52:45.529Z"}, "title": "Information disclosure in ixray-1.6-stcop", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "affected": [{"vendor": "ixray-team", "product": "ixray-1.6-stcop", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3", "versionType": "git"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.<p>This issue affects ixray-1.6-stcop: before 1.3.</p>"}]}], "references": [{"url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/259"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T18:27:43.983472Z", "id": "CVE-2026-4733", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:27:50.320Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4733", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T18:27:43.983472Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:27:47.687Z"}}], "cna": {"title": "Information disclosure in ixray-1.6-stcop", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ixray-team", "product": "ixray-1.6-stcop", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/259"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.", "supportingMedia": [{"type": "text/html", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.<p>This issue affects ixray-1.6-stcop: before 1.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T02:52:45.529Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4733", "state": "PUBLISHED", "dateUpdated": "2026-03-24T18:27:50.320Z", "dateReserved": "2026-03-24T02:52:17.117Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T02:52:45.529Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3."}, {"lang": "es", "value": "Vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n Sensible a un Actor No Autorizado en ixray-team ixray-1.6-stcop. Este problema afecta a ixray-1.6-stcop: anterior a 1.3."}], "id": "CVE-2026-4733", "lastModified": "2026-04-30T16:01:57.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T04:17:25.763", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/ixray-team/ixray-1.6-stcop/pull/259"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "ixray-1.6-stcop", "source": "cna", "vendor": "ixray-team"}, "product": "ixray-1.6-stcop", "vendor": "ixray-team"}], "analysis": {"en": {"generated_at": "2026-03-24T04:22:49.011217+00:00", "value": {"mitigation_remediation": ["Upgrade the ixray\u20111.6\u2011stcop installation to version 1.3 or later to eliminate the disclosure flaw.", "If an upgrade is not immediately feasible, restrict network access to the ixray\u20111.6\u2011stcop instance and enforce strict authentication and authorization controls to limit exposure of sensitive data.", "Continuously monitor application logs for anomalous read operations or unauthorized data access patterns and respond to any detected incidents promptly."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is ixray\u20111.6\u2011stcop from the ixray\u2011team, with all releases prior to version 1.3 vulnerable. Specifically, any deployment of ixray\u20111.6\u2011stcop before version 1.3 is impacted and should be considered at risk until an upgrade is applied.", "description_and_impact": "The vulnerability in ixray-1.6-stcop permits an unauthorized actor to access sensitive information that should be protected, representing a data breach scenario typical of information disclosure flaws. This issue maps to the common weakness enumeration CWE\u2011200 and allows an adversary to read data beyond their privileges, potentially compromising confidentiality.", "risk_and_exploitability": "The reported CVSS score of 5.3 indicates moderate severity; no EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation requires the attacker to have access to the ixray\u20111.6\u2011stcop environment or an exposed endpoint, but no detailed attack vector is provided. Because the flaw discloses sensitive data, it can result in significant privacy or reputational damage if leveraged."}}}}, "created": "2026-03-24T10:29:19.081085+00:00", "updated": "2026-03-25T20:40:24.339857+00:00", "vendors": ["ixray-team", "ixray-team$PRODUCT$ixray-1.6-stcop"]}