From f3aef26d0ec6f0b4f3b4be80678ddd337258de14 Mon Sep 17 00:00:00 2001
From: berkpseSICKAG <sercan.berkpinar@sick.de>
Date: Mon, 26 Jan 2026 16:03:40 +0100
Subject: [PATCH] Improve GHSA-xgcg-2hvp-fj6w

---
 .../GHSA-xgcg-2hvp-fj6w.json                  | 64 +++++++------------
 1 file changed, 23 insertions(+), 41 deletions(-)

diff --git a/advisories/unreviewed/2026/01/GHSA-xgcg-2hvp-fj6w/GHSA-xgcg-2hvp-fj6w.json b/advisories/unreviewed/2026/01/GHSA-xgcg-2hvp-fj6w/GHSA-xgcg-2hvp-fj6w.json
index 3466b213b726f..9c8081919e277 100644
--- a/advisories/unreviewed/2026/01/GHSA-xgcg-2hvp-fj6w/GHSA-xgcg-2hvp-fj6w.json
+++ b/advisories/unreviewed/2026/01/GHSA-xgcg-2hvp-fj6w/GHSA-xgcg-2hvp-fj6w.json
@@ -1,54 +1,36 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xgcg-2hvp-fj6w",
-  "modified": "2026-01-15T15:31:19Z",
+  "modified": "2026-01-15T15:31:33Z",
   "published": "2026-01-15T15:31:19Z",
   "aliases": [
     "CVE-2026-22638"
   ],
-  "details": "A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.",
-  "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"
-    }
-  ],
-  "affected": [],
-  "references": [
-    {
-      "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22638"
-    },
-    {
-      "type": "WEB",
-      "url": "https://sick.com/psirt"
-    },
-    {
-      "type": "WEB",
-      "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
-    },
-    {
-      "type": "WEB",
-      "url": "https://www.first.org/cvss/calculator/3.1"
-    },
-    {
-      "type": "WEB",
-      "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.json"
-    },
-    {
-      "type": "WEB",
-      "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0002.pdf"
-    },
-    {
-      "type": "WEB",
-      "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
+  "summary": "CVE-2026-22638",
+  "details": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
+  "severity": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "SwiftURL",
+        "name": ""
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
     }
   ],
+  "references": [],
   "database_specific": {
-    "cwe_ids": [
-      "CWE-601"
-    ],
-    "severity": "HIGH",
+    "cwe_ids": [],
+    "severity": "LOW",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-15T14:16:27Z"