CVE-2026-22644
PUBLISHED
CVSS 5.3 MEDIUM
Certain requests pass the authentication token in the URL as a query string parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access.
EPSS 0.03% · 9.6th percentile
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.03%
9.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sick | incoming_goods_suite | |
| SICK AG | Incoming Goods Suite | all versions |
Exploit Intelligence
- CIRCL seen: CVE-2026-22644 (circl-sighting)
- https://sick.com/psirt (circl)
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf (circl)
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices (circl)
- https://www.first.org/cvss/calculator/3.1 (circl)
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.json (circl)
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf (circl)
Timeline
- Jan 15, 2026 CVE Published
- Jan 15, 2026 PoC Published
- Jan 16, 2026 EPSS Score
- Jan 19, 2026 EPSS Score
- Jan 22, 2026 EPSS Score
- Jan 25, 2026 EPSS Score
- Jan 28, 2026 EPSS Score
- Jan 30, 2026 EPSS Score
- Jan 30, 2026 CVE Updated
- Feb 2, 2026 EPSS Score
- Feb 5, 2026 EPSS Score
- Feb 8, 2026 EPSS Score
References
- https://sick.com/psirt url
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.first.org/cvss/calculator/3.1 url
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.json url
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-22644 advisory