CVE-2026-8671

7.5 HIGH

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Expo...

Published: 2026-05-22 · Last updated: 2026-06-02

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
CWE: CWE-532

Affected products

Vendor	Product
avantra	avantra

Description

Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-8671
[Vendor advisory]https://support.avantra.com/hc/en-us/articles/5535487249183

Related CVEs

Same vendor

CVE-2026-8673 — Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks (5.9 MEDIUM)
CVE-2026-8672 — Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords (5.1 MEDIUM)
CVE-2026-8670 — Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Re... (9.6 CRITICAL)

Same CWE

CVE-2026-0267 — An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured p...
CVE-2026-9751 — The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in p... (5.5 MEDIUM)
CVE-2026-9735 — MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication (5.5 MEDIUM)
CVE-2026-45581 — fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs (5.5 MEDIUM)
CVE-2026-50205 — System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data (8.2 HIGH)