MEDIUM
TheHive-Project
CVE published 2026-07-17
CVE-2026-63098
CVE-2026-63098 is an unauthenticated information disclosure vulnerability in TheHive through 4.1.24. The vulnerability allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler. Attackers can obtain the datastore attachment protection password, configured authenticat [truncated]