CVE-2026-46458

Published Jul 15, 2026 Modified Jul 15, 2026 CWE-522

Description

ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot. This issue has been fixed in version 2.4.18.029

Is your site exposed to CVE-2026-46458?

Run a free security scan — no signup, results in seconds.

Weakness Type (CWE)

CWE-522 CWE-522

References

Frequently Asked Questions

What is CVE-2026-46458? +
ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot. This issue has been fixed in version 2.4.18.029
How do I check if I'm vulnerable to CVE-2026-46458? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2026-46458 — free, no signup required.