CVE-2026-22644

5.3 MEDIUM

📋 TL;DR

This vulnerability allows attackers to steal authentication tokens when they are passed in URL query parameters, potentially enabling session hijacking and unauthorized access. It affects systems that handle authentication tokens insecurely via URLs, particularly those exposed to logging mechanisms like server logs, proxy logs, or Referer headers.

💻 Affected Systems

Products:
  • SICK products with vulnerable authentication implementations
Versions: Specific versions not detailed in provided references; consult vendor advisory for exact affected versions
Operating Systems: Not OS-specific; depends on affected products
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists when authentication tokens are passed as URL query parameters instead of secure headers like Authorization or cookies with secure flags.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers gain full unauthorized access to user accounts, potentially compromising sensitive data, performing malicious actions, or escalating privileges within affected systems.

🟠 Likely Case: Session hijacking leading to unauthorized access to user accounts, with potential data exposure or manipulation depending on application functionality.

🟢 If Mitigated: Limited impact with proper token handling and logging controls, potentially only exposing non-sensitive information or requiring additional exploitation steps.

🌐 Internet-Facing: HIGH - Internet-facing systems are vulnerable to token theft through various logging mechanisms and Referer headers when users click external links.
🏢 Internal Only: MEDIUM - Internal systems still risk token exposure through internal logging, but attack surface is reduced compared to internet-facing deployments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Attack involves token interception through logs or Referer headers rather than complex exploitation techniques.

Exploitation requires access to logs containing URL parameters or ability to capture Referer headers through user interaction with malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Consult SICK advisory for specific patched versions

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

  1. Review the SICK advisory at the provided URL.
  2. Identify affected products and versions.
  3. Apply vendor-provided patches or updates.
  4. Restart affected services after patching.
  5. Verify that authentication tokens are no longer passed in URLs.

🔧 Temporary Workarounds

Disable URL parameter logging (applies to: all)

Configure web servers and proxies to exclude query parameters from logs to prevent token exposure.

# Apache: in LogFormat, log %U (request path without the query string) instead of %r (the full request line, which includes the query string)
# Nginx: in log_format, log $uri instead of $request_uri ($request_uri includes the query string; $uri does not)

Implement secure token handling (applies to: all)

Move authentication tokens from URL parameters to secure HTTP headers or secure cookies.

# Application code modification required
# Use Authorization headers or HttpOnly, Secure cookies

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to systems handling sensitive authentication
  • Deploy web application firewall rules to block requests with authentication tokens in URLs

🔍 How to Verify

Check if Vulnerable:

Inspect application traffic to see if authentication tokens appear in URL query parameters during requests.

Check Version:

Consult product documentation for version checking; typically via web interface or administrative commands specific to SICK products.

Verify Fix Applied:

Confirm authentication tokens are no longer visible in URL parameters and are instead in secure headers or cookies.

📡 Detection & Monitoring

Log Indicators:

  • URLs containing authentication tokens in query parameters in server/proxy logs
  • Referer headers containing authentication tokens

Network Indicators:

  • HTTP requests with authentication tokens visible in URL query strings

SIEM Query:

source="web_logs" AND (url="*token=*" OR url="*auth=*" OR url="*session=*")
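Where no SIEM is available, the same two log indicators (tokens in the request URL and in the Referer header) can be checked directly against web server logs. The following scanner is an added example, not part of the original advisory or any SICK product: it parses combined-format access log lines, matches credential-like query-parameter names exactly (avoiding the substring false positives of a `*token=*` glob), and reports only the parameter names, never the token values. The parameter-name list and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Query-parameter names that commonly carry credentials (assumed list; extend it for your apps).
TOKEN_PARAMS = {"token", "auth", "session", "access_token", "sessionid", "api_key"}

# Apache/Nginx "combined"-style line: client ident user [time] "request" status bytes "referer"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)


def token_params(url: str) -> list[str]:
    """Names of credential-like query parameters in url (exact-name match, case-insensitive).

    Matching on parsed parameter names avoids the substring false positives of a
    glob such as *token=*, which would also flag e.g. ?doctoken=1.
    """
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return sorted({k.lower() for k, _ in pairs if k.lower() in TOKEN_PARAMS})


def scan_log(lines) -> list[tuple[str, str, list[str]]]:
    """Return (client, where, param_names) for each line that exposes a token in the
    request target or the Referer header. Token values are never copied into findings."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than mis-attribute
        for where in ("target", "referer"):
            names = token_params(m.group(where))
            if names:
                findings.append((m.group("client"), where, names))
    return findings


# Constructed sample log lines (not real traffic); hosts and token values are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2026:10:00:01 +0000] "GET /api/devices?token=abc123 HTTP/1.1" 200 512 "-"',
    '203.0.113.7 - - [10/Jan/2026:10:00:02 +0000] "GET /static/logo.png HTTP/1.1" 200 1024 "https://device.example/ui?session=xyz"',
    '198.51.100.4 - - [10/Jan/2026:10:00:03 +0000] "GET /help?doctoken=1 HTTP/1.1" 200 64 "-"',
]

if __name__ == "__main__":
    for client, where, names in scan_log(SAMPLE_LOG):
        print(f"{client}: credential parameter(s) {names} exposed in {where}")
```

Run against an existing access log with `scan_log(open("access.log"))`; a non-empty result means the application is still passing tokens in URLs and the workaround above has not fully taken effect.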
