Overview
CVE ID: CVE-2026-8671
Severity: High
CVSS Score: 7.5
Affected Product(s): Avantra
Fixed Version(s): 25.3.x
Description
An insertion of sensitive information into log file vulnerability in Avantra on Linux and Windows allows Resource Leak Exposure. This issue affects Avantra versions before 25.3.0.
Impact
Vector: Adjacent
Confidentiality: Low
Integrity: High
Availability: Low
Exploitation Status: No known exploits in the wild
Solution & Mitigation
Primary Action: Upgrade to version 25.3.x
Mitigation: Review the setup of the Avantra Agent user (e.g. it should be the only user with access to the log files) and review the permissions in the Avantra UI (e.g. non-administrative users should not have the permission “Download Agent Log Files” set).
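One way to carry out the file-permission part of this review on a Linux agent host, as an added example that is not Avantra's own tooling. The function name, the log directory and the agent account name are assumptions; replace them with the values from your installation.

```shell
#!/bin/sh
# Added example (not vendor tooling): check that only the agent account can
# reach the agent log files on a Linux host.
# Usage: sh audit_agent_logs.sh <LOG_DIR> <AGENT_USER>
#   Both arguments are placeholders; take them from your own installation.

# audit_log_perms DIR USER
#   Prints one line per finding.
#   Returns 0 when the tree is clean, 1 on findings, 2 on a usage error.
audit_log_perms() {
    dir=$1
    user=$2
    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory" >&2
        return 2
    fi
    if ! id "$user" >/dev/null 2>&1; then
        echo "ERROR: no such account: $user" >&2
        return 2
    fi

    # Anything under DIR (including DIR itself) owned by another account.
    wrong_owner=$(find "$dir" ! -user "$user" -print)

    # Anything that grants any permission bit to group or other.
    # Symlinks are skipped: their own mode bits are always 777 on Linux.
    too_open=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)

    if [ -n "$wrong_owner" ]; then
        printf '%s\n' "$wrong_owner" | sed 's/^/NOT-OWNED-BY-AGENT-USER: /'
    fi
    if [ -n "$too_open" ]; then
        printf '%s\n' "$too_open" | sed 's/^/GROUP-OR-OTHER-ACCESS: /'
    fi
    [ -z "$wrong_owner$too_open" ]
}

# Run the audit only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then
    audit_log_perms "$1" "$2"
    exit $?
fi
```

The check covers classic mode bits and ownership only; POSIX ACLs and the “Download Agent Log Files” UI permission still need to be reviewed separately.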
Contact & Credits
Reported by: Special thanks to Vicxer Inc. for identifying this vulnerability and working with us to strengthen our platform’s security.
Support: support@avantra.com
We, at Avantra, take the security of our software and our customers very seriously and it is our top priority. We will keep you up to date as more information becomes available and encourage customers to subscribe to the security section of our forum to get proactive updates as we post them.