Back to overview

CVE-2026-46459

MEDIUM
5.3
CVSS 4.0
Description
ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database. This issue has been fixed in version 2.4.18.029

Metadata

CVE ID
CVE-2026-46459
State
PUBLISHED
Assigner
CERT-PL
Reserved
2026-05-14 14:11 UTC
Published
2026-07-15 12:51 UTC
Last updated
2026-07-15 13:02 UTC
Primary CWE
CWE-862
CWE-862 Missing Authorization
Vendor / Product
ICU Scandinavia / Boomerang
Sources
cve.org  ·  NVD

Severity & Metrics

5.3 MEDIUM CVSS 4.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
ICU Scandinavia Boomerang 0 < 2.4.18.029
Weakness (CWE)
CWESourceDescription
CWE-862 cna CWE-862 Missing Authorization
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Back to overview