PULSE
LIVE15signals / 24h
FEED
ransomqilin reclama a PP+K · BR · Not Foundransomqilin reclama a Eana · AR · Not Foundransomqilin reclama a Synergy Products · TR · Not Foundransomnova reclama a meralmanisa · TR · Not Foundransomnova reclama a Dephub · ID · Not Foundransomnova reclama a Jota Joias Premium · BR · Consumer Servicesransomqilin reclama a Don Tortaco Mexican Grill · US · Hospitality and Tourismransomqilin reclama a Associated Theatrical Contractors · US · Business Servicesransompayload reclama a CKR Consulting Engineers · Business Servicesransomblackout reclama a yano.tokyo · JP · Technologyransomblackout reclama a www.miatech.net · US · Technologyransomblackout reclama a bluebellgroup.com · GB · Not Foundransomthegentlemen reclama a Ecopetrol · CO · Energyransomqilin reclama a City Ambulance Service · Healthcareransomqilin reclama a PP+K · BR · Not Foundransomqilin reclama a Eana · AR · Not Foundransomqilin reclama a Synergy Products · TR · Not Foundransomnova reclama a meralmanisa · TR · Not Foundransomnova reclama a Dephub · ID · Not Foundransomnova reclama a Jota Joias Premium · BR · Consumer Servicesransomqilin reclama a Don Tortaco Mexican Grill · US · Hospitality and Tourismransomqilin reclama a Associated Theatrical Contractors · US · Business Servicesransompayload reclama a CKR Consulting Engineers · Business Servicesransomblackout reclama a yano.tokyo · JP · Technologyransomblackout reclama a www.miatech.net · US · Technologyransomblackout reclama a bluebellgroup.com · GB · Not Foundransomthegentlemen reclama a Ecopetrol · CO · Energyransomqilin reclama a City Ambulance Service · Healthcare
← All CVEs
CVE WatchJul 13, 2026

CVE-2026-22096

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwor

CVSS

No CVSS

EPSS

0.4%

p34

KEV

Exploit Today

10

0-100

Published: Jul 13, 2026 · Last modified: Jul 13, 2026 · CWE-306

EPSS · 30d
0.4%EPSS · 30 days0.4%
2026-07-132026-07-19
Technical description

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints.

Official references
Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-32489.8 CRI
100.0%
KEV80Langflow Missing Authentication Vulnerability5d
CVE-2024-116809.8 CRI
99.8%
KEV80ProjectSend Improper Authentication Vulnerability5d
CVE-2026-561645.3 MED
92.0%
KEV78Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability5d
CVE-2026-468179.8 CRI
60.3%
KEV68Oracle E-Business Suite Improper Privilege Management Vulnerability4d
CVE-2022-245629.8 CRI
98.9%
30In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.11d
CVE-2026-411769.8 CRI
98.2%
29Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and prior to version 1.73.5, an unauthenticated attacker can set `rc.NoAuth=true`, which disables the authorization gate for many RC methods registered with `AuthRequired: true` on reachable RC servers that are started without global HTTP authentication. This can lead to unauthorized access to sensitive administrative functionality, including configuration and operational RC methods. Version 1.73.5 patches the issue.5d