Vince · Vince · CVE-2026-8142
**Name of the Vulnerable Software and Affected Versions**
VINCE versions 3.0.38 and earlier
**Description**
Encoding confusion prevents the proper verification of the authenticity of the From address. This allows the From address to be used for unauthorized automated actions, such as ticket creation or ticket updates.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.