CVE-2026-22644

High

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs,…

SICK AG·CWE-598·Published 2026-01-15

CVSS

7.5

EPSS

0.00

KEV

Exploits

cve.orgen

256 chars

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access.

NVDen

256 chars

NVDes

309 chars

Ciertas solicitudes pasan el token de autenticación en la URL como parámetro de consulta de cadena, haciéndolo vulnerable al robo a través de registros del servidor, registros de proxy y encabezados Referer, lo que podría permitir a un atacante secuestrar la sesión del usuario y obtener acceso no autorizado.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N