PatchSiren cyber security CVE debrief
CVE-2026-63098 TheHive-Project CVE debrief
CVE-2026-63098 is an unauthenticated information disclosure vulnerability in TheHive through 4.1.24. The vulnerability allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler. Attackers can obtain the datastore attachment protection password, configured authentication providers, SSO settings, MFA capabilities, and clustered node addresses and roles without any credentials.
- Vendor
- TheHive-Project
- Product
- TheHive
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of TheHive version 4.1.24 or earlier should be aware of this vulnerability and take immediate action to protect their systems. This vulnerability is particularly concerning because it allows unauthenticated access to sensitive configuration data, which could be used to gain further access to the system or to plan a more targeted attack.
Technical summary
TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability. The vulnerability is located in the StatusCtrl.scala handler, which fails to enforce authentication for the /api/status endpoint. This allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to this endpoint. The sensitive data that can be obtained includes the datastore attachment protection password, configured authentication providers, SSO settings, MFA capabilities, and clustered node addresses and roles.
Defensive priority
High
Recommended defensive actions
- Immediately update TheHive to a version that fixes this vulnerability
- Restrict access to the /api/status endpoint to only authenticated users
- Monitor system logs for any suspicious activity related to the /api/status endpoint
- Consider implementing additional security measures such as IP blocking or rate limiting for the /api/status endpoint
- Perform a thorough review of system configurations and user access controls
- Verify that all sensitive data is properly encrypted and protected
- Conduct regular security audits to identify potential vulnerabilities
Evidence notes
The CVE record was published on 2026-07-17T16:17:16.947Z and was last modified on 2026-07-17T18:28:53.707Z. The NVD entry is currently Awaiting Analysis. There are references to a GitHub issue and a Vulncheck advisory that provide more information about this vulnerability.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T16:17:16.947Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.