Galaxy Software Services Vitals ESP Missing Authentication Vulnerability (CVE-2026-4640)
Vitals ESP developed by Galaxy Software Services suffers from a missing authentication vulnerability (CVE-2026-4640), enabling unauthenticated remote attackers to execute functions and obtain sensitive information.
Galaxy Software Services’ Vitals ESP is susceptible to a missing authentication vulnerability, identified as CVE-2026-4640. This flaw allows attackers to bypass authentication mechanisms and remotely execute certain functions without proper authorization. Successful exploitation of this vulnerability enables attackers to access sensitive information stored within the Vitals ESP system. The vulnerability was disclosed on March 24, 2026. Given the lack of authentication required for exploitation…
Detection coverage (2)
Detect Vitals ESP Unauthenticated Access
Severity: high. Detects HTTP requests to Vitals ESP that lack authentication headers, indicating potential exploitation of CVE-2026-4640.
Detect Vitals ESP Sensitive Data Access
Severity: medium. Detects access to potentially sensitive endpoints on the Vitals ESP server that do not require authentication.