Overview
CVE ID: CVE-2026-8673
Severity: Medium
CVSS Score: 5.9
Affected Product(s): Avantra
Fixed Version(s): 25.3.x
Description
Unprotected transport of credentials vulnerability in Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0
Impact
Vector: Network
Confidentiality: High
Integrity: High
Availability: None
Exploitation Status: No known exploits in the wild
Solution & Mitigation
Primary Action: Upgrade to version 25.3.x
Mitigation: Remove ‘${password}’ from e-mail template
NewUserEmailPassword setting in Administration > Settings > Avantra UI
References
Contact & Credits
Reported by: Special thanks to Vicxer Inc. for identifying this vulnerability and working with us to strengthen our platform’s security.
Support: support@avantra.com
We, at Avantra, take the security of our software and our customers very seriously and it is our top priority. We will keep you up to date as more information becomes available and encourage customers to subscribe to the security section of our forum to get proactive updates as we post them.