Common Weakness Enumeration

CWE-306

Allowed

Missing Authentication for Critical Function

Abstraction: Base · Status: Draft

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

3463 vulnerabilities reference this CWE, most recent first.

CVE-2026-10283 (GCVE-0-2026-10283)

Vulnerability from cvelistv5 – Published: 2026-06-01 18:45 – Updated: 2026-06-02 12:41
VLAI
Title
Bottelet DaybydayCRM Setting missing authentication
Summary
A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Bottelet DaybydayCRM Affected: 2.2.0
Affected: 2.2.1
    cpe:2.3:a:bottelet:daybydaycrm:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Mitchell_45 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10283",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-02T12:41:33.871573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T12:41:42.987Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:bottelet:daybydaycrm:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Setting Handler"
          ],
          "product": "DaybydayCRM",
          "vendor": "Bottelet",
          "versions": [
            {
              "status": "affected",
              "version": "2.2.0"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mitchell_45 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T18:45:12.856Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-367576 | Bottelet DaybydayCRM Setting missing authentication",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/367576"
        },
        {
          "name": "VDB-367576 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/367576/cti"
        },
        {
          "name": "CVE-2026-10283 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10283"
        },
        {
          "name": "Submit #825442 | Bottelet DaybydayCRM \u003c= 2.2.1 Improper Authorization",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/825442"
        },
        {
          "name": "Submit #825443 | Bottelet DaybydayCRM \u003c= 2.2.1 Mass Assignment (CWE-915) (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/825443"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/Bottelet/DaybydayCRM/issues/348"
        },
        {
          "tags": [
            "issue-tracking",
            "patch"
          ],
          "url": "https://github.com/Bottelet/DaybydayCRM/pull/363"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/Bottelet/DaybydayCRM/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-31T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-31T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-31T18:31:17.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Bottelet DaybydayCRM Setting missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10283",
    "datePublished": "2026-06-01T18:45:12.856Z",
    "dateReserved": "2026-05-31T16:25:59.369Z",
    "dateUpdated": "2026-06-02T12:41:42.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10281 (GCVE-0-2026-10281)

Vulnerability from cvelistv5 – Published: 2026-06-01 18:15 – Updated: 2026-06-01 21:19 X_Open Source
VLAI
Title
Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication
Summary
A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.5.6 mitigates this issue. Patch name: d0b02a800aa0689d9428cc4cc170e0b6589fb2c3. The affected component should be upgraded.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Enderfga claw-orchestrator Affected: 3.5.0
Affected: 3.5.1
Affected: 3.5.2
Affected: 3.5.3
Affected: 3.5.4
Affected: 3.5.5
Unaffected: 3.5.6
    cpe:2.3:a:enderfga:claw-orchestrator:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
ybdesire (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10281",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T21:19:23.470661Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T21:19:41.045Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:enderfga:claw-orchestrator:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "API Endpoint"
          ],
          "product": "claw-orchestrator",
          "vendor": "Enderfga",
          "versions": [
            {
              "status": "affected",
              "version": "3.5.0"
            },
            {
              "status": "affected",
              "version": "3.5.1"
            },
            {
              "status": "affected",
              "version": "3.5.2"
            },
            {
              "status": "affected",
              "version": "3.5.3"
            },
            {
              "status": "affected",
              "version": "3.5.4"
            },
            {
              "status": "affected",
              "version": "3.5.5"
            },
            {
              "status": "unaffected",
              "version": "3.5.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ybdesire (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.5.6 mitigates this issue. Patch name: d0b02a800aa0689d9428cc4cc170e0b6589fb2c3. The affected component should be upgraded."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T18:15:10.669Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-367574 | Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/367574"
        },
        {
          "name": "VDB-367574 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/367574/cti"
        },
        {
          "name": "CVE-2026-10281 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10281"
        },
        {
          "name": "Submit #825429 | Enderfga claw-orchestrator v2.7.1-v3.5.5 Missing Authentication",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/825429"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/Enderfga/claw-orchestrator/issues/61"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/Enderfga/claw-orchestrator/commit/d0b02a800aa0689d9428cc4cc170e0b6589fb2c3"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/Enderfga/claw-orchestrator/releases/tag/v3.5.6"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/Enderfga/claw-orchestrator/"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-31T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-31T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-31T18:23:39.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Enderfga claw-orchestrator API Endpoint embedded-server.ts EmbeddedServer missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10281",
    "datePublished": "2026-06-01T18:15:10.669Z",
    "dateReserved": "2026-05-31T16:18:35.986Z",
    "dateUpdated": "2026-06-01T21:19:41.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10243 (GCVE-0-2026-10243)

Vulnerability from cvelistv5 – Published: 2026-06-01 09:00 – Updated: 2026-06-01 15:23 X_Freeware
VLAI
Title
code-projects Smart Parking System Admin Endpoint missing authentication
Summary
A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
code-projects Smart Parking System Affected: 1.0
    cpe:2.3:a:code-projects:smart_parking_system:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
imad alvi (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10243",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T15:00:26.860506Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T15:23:18.984Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:code-projects:smart_parking_system:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Admin Endpoint"
          ],
          "product": "Smart Parking System",
          "vendor": "code-projects",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "imad alvi (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T09:00:13.192Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-367521 | code-projects Smart Parking System Admin Endpoint missing authentication",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/367521"
        },
        {
          "name": "VDB-367521 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/367521/cti"
        },
        {
          "name": "CVE-2026-10243 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10243"
        },
        {
          "name": "Submit #823871 | code-projects Smart Parking System In PHP With Source Code 1.0 Improper Access Controls",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/823871"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/Xmyronn/smart-parking-system-broken-access.git"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://code-projects.org/"
        }
      ],
      "tags": [
        "x_freeware"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-31T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-31T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-31T12:17:08.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "code-projects Smart Parking System Admin Endpoint missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10243",
    "datePublished": "2026-06-01T09:00:13.192Z",
    "dateReserved": "2026-05-31T10:12:00.665Z",
    "dateUpdated": "2026-06-01T15:23:18.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10054 (GCVE-0-2026-10054)

Vulnerability from cvelistv5 – Published: 2026-07-03 10:11 – Updated: 2026-07-07 03:56
VLAI
Summary
In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted when the Origin header is missing or when no THEIA_HOSTS allowlist is configured (the default). The Socket.IO integration additionally replaces the real Origin header with a client-supplied fix-origin header that an attacker can control or omit. As a result, a foreign-origin web page visited by a user with a running Theia instance can open the /services WebSocket namespace, invoke terminal creation, attach to the resulting terminal data channel, execute arbitrary OS commands, and read their output. This affects both local developer setups (drive-by attack) and hosted or tunneled deployments without strong external authentication. A fix is in development that enforces same-origin validation by default, removes trust in the fix-origin header, gates HTTP and WebSocket access on a SameSite=Strict; HttpOnly connection-token cookie, and sanitizes shell terminal creation options.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1385 - Missing origin validation in WebSockets
  • CWE-306 - Missing authentication for critical function
Assigner
Impacted products
Vendor Product Version
Eclipse Foundation Eclipse Theia Affected: 1.8.1 , < 1.73.0 (semver)
Create a notification for this product.
Credits
Anwar Ayoob
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10054",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-07T03:56:07.775Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Eclipse Theia",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThan": "1.73.0",
              "status": "affected",
              "version": "1.8.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Anwar Ayoob"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (\u003ccode\u003e/services/shell-terminal\u003c/code\u003e, \u003ccode\u003e/services/terminals/:id\u003c/code\u003e) without service-level authentication.\u003c/p\u003e\n\u003cp\u003eWebSocket origin validation in \u003ccode\u003e@theia/core\u003c/code\u003e is fail-open: connections are accepted when the \u003ccode\u003eOrigin\u003c/code\u003e header is missing or when no \u003ccode\u003eTHEIA_HOSTS\u003c/code\u003e allowlist is configured (the default). The Socket.IO integration additionally replaces the real \u003ccode\u003eOrigin\u003c/code\u003e header with a client-supplied \u003ccode\u003efix-origin\u003c/code\u003e header that an attacker can control or omit.\u003c/p\u003e\n\u003cp\u003eAs a result, a foreign-origin web page visited by a user with a running Theia instance can open the \u003ccode\u003e/services\u003c/code\u003e WebSocket namespace, invoke terminal creation, attach to the resulting terminal data channel, execute arbitrary OS commands, and read their output. This affects both local developer setups (drive-by attack) and hosted or tunneled deployments without strong external authentication.\u003c/p\u003e\n\u003cp\u003eA fix is in development that enforces same-origin validation by default, removes trust in the \u003ccode\u003efix-origin\u003c/code\u003e header, gates HTTP and WebSocket access on a \u003ccode\u003eSameSite=Strict; HttpOnly\u003c/code\u003e connection-token cookie, and sanitizes shell terminal creation options.\u003c/p\u003e"
            }
          ],
          "value": "In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication.\n\n\n\n\nWebSocket origin validation in @theia/core is fail-open: connections are accepted when the Origin header is missing or when no THEIA_HOSTS allowlist is configured (the default). The Socket.IO integration additionally replaces the real Origin header with a client-supplied fix-origin header that an attacker can control or omit.\n\n\n\n\nAs a result, a foreign-origin web page visited by a user with a running Theia instance can open the /services WebSocket namespace, invoke terminal creation, attach to the resulting terminal data channel, execute arbitrary OS commands, and read their output. This affects both local developer setups (drive-by attack) and hosted or tunneled deployments without strong external authentication.\n\n\n\n\nA fix is in development that enforces same-origin validation by default, removes trust in the fix-origin header, gates HTTP and WebSocket access on a SameSite=Strict; HttpOnly connection-token cookie, and sanitizes shell terminal creation options."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-111",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-111 JSON Hijacking (aka JavaScript Hijacking)"
            }
          ]
        },
        {
          "capecId": "CAPEC-62",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-62 Cross Site Request Forgery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1385",
              "description": "CWE-1385 Missing origin validation in WebSockets",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing authentication for critical function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-03T10:11:32.446Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://github.com/eclipse-theia/theia/security/advisories/GHSA-78g8-vm3p-97c6"
        },
        {
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/work_items/376"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2026-10054",
    "datePublished": "2026-07-03T10:11:32.446Z",
    "dateReserved": "2026-05-29T07:35:37.279Z",
    "dateUpdated": "2026-07-07T03:56:07.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9371 (GCVE-0-2026-9371)

Vulnerability from cvelistv5 – Published: 2026-05-24 09:45 – Updated: 2026-05-26 14:32
VLAI
Title
ItzCrazyKns Vane API route.ts missing authentication
Summary
A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. It appears that basic authentication is planned.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
ItzCrazyKns Vane Affected: 1.12.0
Affected: 1.12.1
    cpe:2.3:a:itzcrazykns:vane:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Yu-Bao (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9371",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T14:32:41.430840Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T14:32:47.756Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:itzcrazykns:vane:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "API"
          ],
          "product": "Vane",
          "vendor": "ItzCrazyKns",
          "versions": [
            {
              "status": "affected",
              "version": "1.12.0"
            },
            {
              "status": "affected",
              "version": "1.12.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yu-Bao (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitation is known to be difficult. The exploit has been disclosed publicly and may be used. It appears that basic authentication is planned."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-24T09:45:12.809Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-365334 | ItzCrazyKns Vane API route.ts missing authentication",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/365334"
        },
        {
          "name": "VDB-365334 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/365334/cti"
        },
        {
          "name": "Submit #813209 | ItzCrazyKns Vane 1.12.1 API Key Exposure",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/813209"
        },
        {
          "name": "Submit #813210 | ItzCrazyKns Vane 1.12.1 Missing Authentication for Critical Function (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/813210"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/ItzCrazyKns/Vane/issues/1122"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/ItzCrazyKns/Vane/issues/1123"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/ItzCrazyKns/Vane/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-23T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-23T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-23T16:05:11.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "ItzCrazyKns Vane API route.ts missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-9371",
    "datePublished": "2026-05-24T09:45:12.809Z",
    "dateReserved": "2026-05-23T13:49:07.801Z",
    "dateUpdated": "2026-05-26T14:32:47.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9212 (GCVE-0-2026-9212)

Vulnerability from cvelistv5 – Published: 2026-06-09 15:50 – Updated: 2026-06-11 05:03
VLAI
Title
Insufficient authentication and input validation in certain NETGEAR products
Summary
Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - Missing authentication for critical function
  • CWE-20 - Improper input validation
Assigner
Impacted products
Vendor Product Version
NETGEAR LBR1020 Affected: 0 , < V2.6.4.60 (custom)
Create a notification for this product.
NETGEAR LBR20 Affected: 0 , < V2.7.6.8 (custom)
Create a notification for this product.
NETGEAR R6700AX Affected: 0 , ≤ * (custom)
Create a notification for this product.
NETGEAR R7800 Affected: 0 , < V1.0.4.96 (custom)
Create a notification for this product.
NETGEAR R9000 Affected: 0 , < V1.0.6.46 (custom)
Create a notification for this product.
NETGEAR RAX10 Affected: 0 , < V1.0.5.50 (custom)
Create a notification for this product.
NETGEAR RAX10v2 Affected: 0 , < V1.0.5.50 (custom)
Create a notification for this product.
NETGEAR RAX120 Affected: 0 , < V1.2.10.56 (custom)
Create a notification for this product.
NETGEAR RAX120v1 Affected: 0 , < V1.2.10.56 (custom)
Create a notification for this product.
NETGEAR RAX120v2 Affected: 0 , < V1.2.10.56 (custom)
Create a notification for this product.
NETGEAR RAX36S Affected: 0 , < V1.0.5.50 (custom)
Create a notification for this product.
NETGEAR RAX70 Affected: 0 , < V1.0.19.172 (custom)
Create a notification for this product.
NETGEAR RAX78 Affected: 0 , < V1.0.19.172 (custom)
Create a notification for this product.
NETGEAR RBR10 Affected: 0 , ≤ 2.7.6.6 (custom)
Create a notification for this product.
NETGEAR RBR20 Affected: 0 , ≤ 2.7.6.6 (custom)
Create a notification for this product.
NETGEAR RBR350 Affected: 0 , < V4.4.2.1 (custom)
Create a notification for this product.
NETGEAR RBR40 Affected: 0 , ≤ 2.7.6.6 (custom)
Create a notification for this product.
NETGEAR RBR50 Affected: 0 , ≤ 2.7.6.6 (custom)
Create a notification for this product.
NETGEAR RBS10 Affected: 0 , ≤ 2.7.6.6 (custom)
Create a notification for this product.
NETGEAR RBS20 Affected: 0 , ≤ 2.7.6.6 (custom)
Create a notification for this product.
NETGEAR RBS350 Affected: 0 , < V4.4.2.1 (custom)
Create a notification for this product.
NETGEAR RBS40 Affected: 0 , ≤ 2.7.6.6 (custom)
Create a notification for this product.
NETGEAR RBS50 Affected: 0 , ≤ 2.7.6.6 (custom)
Create a notification for this product.
NETGEAR XR450 Affected: 0 , < V2.3.3.136 (custom)
Create a notification for this product.
NETGEAR XR500 Affected: 0 , < v2.3.3.136 (custom)
Create a notification for this product.
Date Public
2026-06-09 00:00
Credits
ZeroZenx Labs
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9212",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T03:59:30.458680Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T13:32:49.023Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "LBR1020",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V2.6.4.60",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "LBR20",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V2.7.6.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "R6700AX",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "R7800",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.0.4.96",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "R9000",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.0.6.46",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RAX10",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.0.5.50",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RAX10v2",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.0.5.50",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RAX120",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.2.10.56",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RAX120v1",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.2.10.56",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RAX120v2",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.2.10.56",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RAX36S",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.0.5.50",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RAX70",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.0.19.172",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RAX78",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.0.19.172",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBR10",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThanOrEqual": "2.7.6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBR20",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThanOrEqual": "2.7.6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBR350",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V4.4.2.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBR40",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThanOrEqual": "2.7.6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBR50",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThanOrEqual": "2.7.6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBS10",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThanOrEqual": "2.7.6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBS20",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThanOrEqual": "2.7.6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBS350",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V4.4.2.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBS40",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThanOrEqual": "2.7.6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBS50",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThanOrEqual": "2.7.6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XR450",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V2.3.3.136",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XR500",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "v2.3.3.136",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ZeroZenx Labs"
        }
      ],
      "datePublic": "2026-06-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eInsufficient authentication and input validation in the\u0026nbsp;listed NETGEAR models allow users connected to the local network to execute commands impacting the product\u0027s confidentiality or change certain configurations.\u0026nbsp;\u003c/p\u003e"
            }
          ],
          "value": "Insufficient authentication and input validation in the\u00a0listed NETGEAR models allow users connected to the local network to execute commands impacting the product\u0027s confidentiality or change certain configurations."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing authentication for critical function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper input validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-11T05:03:05.236Z",
        "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "shortName": "NETGEAR"
      },
      "references": [
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/lbr20/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/lbr1020/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/r6700ax/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/r9000/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/r7800/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rax10/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rax120/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rax78/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rax120v2/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rax70/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbr10/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbr350/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbr40/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbr50/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbs10/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbs20/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rax36s/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbr20/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbs50/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbs350/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/xr500/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbs40/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/xr450/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eLBR1020 (EoS)\u003c/b\u003e Orbi 4GX AC1200 Dual-Band Mesh WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/lbr1020/\"\u003eV2.6.4.60\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eLBR20\u003c/b\u003e Orbi LTE Tri-band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/lbr20/\"\u003eV2.7.6.8\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6700AX (EoS)\u003c/b\u003e 4-Stream AX1800 WiFi 6 Router\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7800 (EoS)\u003c/b\u003e Nighthawk X4S AC2600 Smart WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7800/\"\u003eV1.0.4.96\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR9000 (EoS)\u003c/b\u003e Nighthawk X10 AD7200 Smart WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r9000/\"\u003eV1.0.6.46\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX10\u003c/b\u003e 4-Stream AX1800 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax10/\"\u003eV1.0.5.50\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX10v2\u003c/b\u003e\u003c/td\u003e\u003ctd\u003eV1.0.5.50\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX120 (EoS)\u003c/b\u003e Nighthawk AX12 12-Stream WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax120/\"\u003eV1.2.10.56\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX120v1 (EoS)\u003c/b\u003e\u003c/td\u003e\u003ctd\u003eV1.2.10.56\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX120v2\u003c/b\u003e Nighthawk AX12 12-Stream AX6000 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax120v2/\"\u003eV1.2.10.56\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX36S\u003c/b\u003e Nighthawk AX4 4-Stream AX3000 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax36s/\"\u003eV1.0.5.50\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX70\u003c/b\u003e Nighthawk Tri-band AX8 8-Stream AX6600 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax70/\"\u003eV1.0.19.172\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX78\u003c/b\u003e Nighthawk AX8 8-Stream AX6200 Tri-Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax78/\"\u003eV1.0.19.172\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBR10 (EoS)\u003c/b\u003e Orbi AC1200 Dual-Band Mesh WiFi Router\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBR20 (EoS)\u003c/b\u003e Orbi AC2200 Tri-band WiFi Router\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBR350\u003c/b\u003e Orbi AX1800 WiFi 6 Dual-band Mesh Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr350/\"\u003eV4.4.2.1\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBR40 (EoS)\u003c/b\u003e Orbi AC2200 Tri-band WiFi Router\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBR50 (EoS)\u003c/b\u003e Orbi AC3000 Tri-band WiFi Router\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBS10 (EoS)\u003c/b\u003e Orbi AC1200 Dual-Band Mesh WiFi Add-on Satellite\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBS20 (EoS)\u003c/b\u003e Orbi AC2200 Tri-band WiFi Add-on Satellite\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBS350\u003c/b\u003e Orbi AX1800 WiFi 6 Dual-band Mesh Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs350/\"\u003eV4.4.2.1\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBS40 (EoS)\u003c/b\u003e Orbi AC2200 Tri-band WiFi Add-on Satellite\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBS50 (EoS)\u003c/b\u003e Orbi AC3000 Tri-band WiFi Add-on Satellite\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eXR450 (EoS)\u003c/b\u003e Nighthawk Pro Gaming Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/xr450/\"\u003eV2.3.3.136\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eXR500 (EoS)\u003c/b\u003e Nighthawk Pro Gaming Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/xr500/\"\u003ev2.3.3.136\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.\u003c/p\u003e"
            }
          ],
          "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionLBR1020 (EoS) Orbi 4GX AC1200 Dual-Band Mesh WiFi Router V2.6.4.60 https://www.netgear.com/support/product/lbr1020/ LBR20 Orbi LTE Tri-band WiFi Router V2.7.6.8 https://www.netgear.com/support/product/lbr20/ R6700AX (EoS) 4-Stream AX1800 WiFi 6 RouterEOSR7800 (EoS) Nighthawk X4S AC2600 Smart WiFi Router V1.0.4.96 https://www.netgear.com/support/product/r7800/ R9000 (EoS) Nighthawk X10 AD7200 Smart WiFi Router V1.0.6.46 https://www.netgear.com/support/product/r9000/ RAX10 4-Stream AX1800 WiFi 6 Router V1.0.5.50 https://www.netgear.com/support/product/rax10/ RAX10v2V1.0.5.50RAX120 (EoS) Nighthawk AX12 12-Stream WiFi Router V1.2.10.56 https://www.netgear.com/support/product/rax120/ RAX120v1 (EoS)V1.2.10.56RAX120v2 Nighthawk AX12 12-Stream AX6000 WiFi Router V1.2.10.56 https://www.netgear.com/support/product/rax120v2/ RAX36S Nighthawk AX4 4-Stream AX3000 WiFi Router V1.0.5.50 https://www.netgear.com/support/product/rax36s/ RAX70 Nighthawk Tri-band AX8 8-Stream AX6600 WiFi 6 Router V1.0.19.172 https://www.netgear.com/support/product/rax70/ RAX78 Nighthawk AX8 8-Stream AX6200 Tri-Band WiFi Router V1.0.19.172 https://www.netgear.com/support/product/rax78/ RBR10 (EoS) Orbi AC1200 Dual-Band Mesh WiFi RouterEOSRBR20 (EoS) Orbi AC2200 Tri-band WiFi RouterEOSRBR350 Orbi AX1800 WiFi 6 Dual-band Mesh Router V4.4.2.1 https://www.netgear.com/support/product/rbr350/ RBR40 (EoS) Orbi AC2200 Tri-band WiFi RouterEOSRBR50 (EoS) Orbi AC3000 Tri-band WiFi RouterEOSRBS10 (EoS) Orbi AC1200 Dual-Band Mesh WiFi Add-on SatelliteEOSRBS20 (EoS) Orbi AC2200 Tri-band WiFi Add-on SatelliteEOSRBS350 Orbi AX1800 WiFi 6 Dual-band Mesh Add-on Satellite V4.4.2.1 https://www.netgear.com/support/product/rbs350/ RBS40 (EoS) Orbi AC2200 Tri-band WiFi Add-on SatelliteEOSRBS50 (EoS) Orbi AC3000 Tri-band WiFi Add-on SatelliteEOSXR450 (EoS) Nighthawk Pro Gaming Router V2.3.3.136 https://www.netgear.com/support/product/xr450/ XR500 (EoS) Nighthawk Pro Gaming Router v2.3.3.136 https://www.netgear.com/support/product/xr500/ \n\nModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient authentication and input validation in certain NETGEAR products",
      "x_generator": {
        "engine": "Vulnogram 1.0.3"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
    "assignerShortName": "NETGEAR",
    "cveId": "CVE-2026-9212",
    "datePublished": "2026-06-09T15:50:53.044Z",
    "dateReserved": "2026-05-21T17:29:04.787Z",
    "dateUpdated": "2026-06-11T05:03:05.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9202 (GCVE-0-2026-9202)

Vulnerability from cvelistv5 – Published: 2026-07-17 17:33 – Updated: 2026-07-17 19:39
VLAI
Title
Unauthenticated User Registration Could Lead to Remote Code Execution
Summary
IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEW_USER_IS_ACTIVE=true (documented deployment option), newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the need for AUTO_LOGIN.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7278929 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Langflow OSS Affected: 1.0.0 , ≤ 1.10.0 (semver)
    cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9202",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-17T19:38:48.339356Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-17T19:39:00.374Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:langflow_oss:1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:langflow_oss:1.10.0:*:*:*:*:*:*:*"
          ],
          "product": "Langflow OSS",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.10.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEW_USER_IS_ACTIVE=true (documented deployment option), newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the need for AUTO_LOGIN.\u003c/p\u003e"
            }
          ],
          "value": "IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEW_USER_IS_ACTIVE=true (documented deployment option), newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the need for AUTO_LOGIN."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-17T17:33:20.083Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7278929"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading \u003ca href=\"https://pypi.org/project/langflow/\" rel=\"nofollow\"\u003eLangflow OSS to version 1.10.1\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by upgrading  Langflow OSS to version 1.10.1 https://pypi.org/project/langflow/"
        }
      ],
      "title": "Unauthenticated User Registration Could Lead to Remote Code Execution",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-9202",
    "datePublished": "2026-07-17T17:33:20.083Z",
    "dateReserved": "2026-05-21T15:53:52.649Z",
    "dateUpdated": "2026-07-17T19:39:00.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9152 (GCVE-0-2026-9152)

Vulnerability from cvelistv5 – Published: 2026-05-21 00:47 – Updated: 2026-05-21 12:41 Exclusively Hosted Service
VLAI
Title
Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction
Summary
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's identifier can interact with that workspace's search index, crossing tenant boundaries. Successful exploitation allows reading a workspace's indexed contents (such as component data, project and folder names, and user metadata) and injecting, modifying, or deleting search index entries. These operations affect the search index only, not the underlying vault data, but they can disclose sensitive workspace information and compromise the integrity and availability of search results. Altium 365 cloud deployments are affected; on-premise Altium Enterprise Server is not affected.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - Missing authentication for critical function
  • CWE-639 - Authorization bypass through User-Controlled key
Assigner
Impacted products
Date Public
2026-05-20 23:50
Credits
Joris Aerts, Tesla Inc.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9152",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-21T12:41:26.148624Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-21T12:41:39.633Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "SearchService (SOAP endpoint)"
          ],
          "platforms": [
            "Web"
          ],
          "product": "Altium 365",
          "vendor": "Altium"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Joris Aerts, Tesla Inc."
        }
      ],
      "datePublic": "2026-05-20T23:50:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace\u0027s identifier can interact with that workspace\u0027s search index, crossing tenant boundaries.\u003c/p\u003e\n\u003cp\u003eSuccessful exploitation allows reading a workspace\u0027s indexed contents (such as component data, project and folder names, and user metadata) and injecting, modifying, or deleting search index entries. These operations affect the search index only, not the underlying vault data, but they can disclose sensitive workspace information and compromise the integrity and availability of search results. Altium 365 cloud deployments are affected; on-premise Altium Enterprise Server is not affected.\u003c/p\u003e"
            }
          ],
          "value": "A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace\u0027s identifier can interact with that workspace\u0027s search index, crossing tenant boundaries.\n\n\n\n\nSuccessful exploitation allows reading a workspace\u0027s indexed contents (such as component data, project and folder names, and user metadata) and injecting, modifying, or deleting search index entries. These operations affect the search index only, not the underlying vault data, but they can disclose sensitive workspace information and compromise the integrity and availability of search results. Altium 365 cloud deployments are affected; on-premise Altium Enterprise Server is not affected."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        },
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing authentication for critical function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization bypass through User-Controlled key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-21T00:47:24.365Z",
        "orgId": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
        "shortName": "Altium"
      },
      "references": [
        {
          "url": "https://www.altium.com/platform/security-compliance/security-advisories"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
    "assignerShortName": "Altium",
    "cveId": "CVE-2026-9152",
    "datePublished": "2026-05-21T00:47:24.365Z",
    "dateReserved": "2026-05-20T23:26:29.928Z",
    "dateUpdated": "2026-05-21T12:41:39.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9142 (GCVE-0-2026-9142)

Vulnerability from cvelistv5 – Published: 2026-06-19 13:41 – Updated: 2026-06-22 19:29
VLAI
Title
Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present
Summary
There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.  This may allow an unauthenticated user access to the server on the local network.  This affects NI grpc-device 2.17.0 and prior versions.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - Missing authentication for critical function
Assigner
NI
Impacted products
Vendor Product Version
NI grpc-device Affected: 0 , ≤ 2.17.0 (semver)
Create a notification for this product.
NI InstrumentStudio Affected: 0 , ≤ 26.3.0 (semver)
Create a notification for this product.
Credits
Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9142",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T19:29:24.594424Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T19:29:31.269Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "grpc-device",
          "vendor": "NI",
          "versions": [
            {
              "lessThanOrEqual": "2.17.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "InstrumentStudio",
          "vendor": "NI",
          "versions": [
            {
              "lessThanOrEqual": "26.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ni:grpc-device:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "2.17.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ni:instrumentstudio:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "26.3.0",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.\u0026nbsp; This may allow an unauthenticated user access to the server on the local network.\u0026nbsp; This affects NI grpc-device 2.17.0 and prior versions.\u003c/p\u003e"
            }
          ],
          "value": "There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback.\u00a0 This may allow an unauthenticated user access to the server on the local network.\u00a0 This affects NI grpc-device 2.17.0 and prior versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing authentication for critical function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T13:41:26.730Z",
        "orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
        "shortName": "NI"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/2026/multiple-vulnerabilities-in-ni-grpc-device-server.html"
        },
        {
          "url": "https://github.com/ni/grpc-device/security/advisories/GHSA-fhhw-37q8-6562"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4",
    "assignerShortName": "NI",
    "cveId": "CVE-2026-9142",
    "datePublished": "2026-06-19T13:41:26.730Z",
    "dateReserved": "2026-05-20T19:51:58.847Z",
    "dateUpdated": "2026-06-22T19:29:31.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9141 (GCVE-0-2026-9141)

Vulnerability from cvelistv5 – Published: 2026-05-20 19:52 – Updated: 2026-05-21 12:18
VLAI
Title
Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface
Summary
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attackers with network access can directly request internal resources such as index.zhtml, point.zhtml, and log.shtml to gain full administrative read and write access, enabling unauthorized modification of alarm routing, device configuration, and disruption of monitoring and control functions.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
Vendor Product Version
Taiko Network Communications Pte Ltd. AG1000-01A SMS Alert Gateway Affected: Rev 7.3 (custom)
Affected: Rev 8 (custom)
Affected: UM-AG1000_R7.2 (custom)
Create a notification for this product.
Date Public
2026-05-20 20:00
Credits
Muhammad Imam Baguna Muhammad Imam Baguna
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9141",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-21T12:17:59.307105Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-21T12:18:43.805Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://medium.com/@forgetmen0t/multiple-vulnerabilities-in-taiko-ag1000-01a-sms-alert-gateway-82095b1d633e"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AG1000-01A SMS Alert Gateway",
          "vendor": "Taiko Network Communications Pte Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Rev 7.3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "Rev 8",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UM-AG1000_R7.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Muhammad Imam Baguna"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Muhammad Imam Baguna"
        }
      ],
      "datePublic": "2026-05-20T20:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTaiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attackers with network access can directly request internal resources such as index.zhtml, point.zhtml, and log.shtml to gain full administrative read and write access, enabling unauthorized modification of alarm routing, device configuration, and disruption of monitoring and control functions.\u003c/p\u003e"
            }
          ],
          "value": "Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session management or server-side authentication checks. Attackers with network access can directly request internal resources such as index.zhtml, point.zhtml, and log.shtml to gain full administrative read and write access, enabling unauthorized modification of alarm routing, device configuration, and disruption of monitoring and control functions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T19:52:40.322Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "Ledger Security Bulletin 019",
          "tags": [
            "technical-description"
          ],
          "url": "https://medium.com/@forgetmen0t/multiple-vulnerabilities-in-taiko-ag1000-01a-sms-alert-gateway-82095b1d633e"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/taiko-ag1000-01a-rev-8-authentication-bypass-via-web-interface"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Taiko AG1000-01A Rev 7.3/8 Authentication Bypass via Web Interface"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-9141",
    "datePublished": "2026-05-20T19:52:40.322Z",
    "dateReserved": "2026-05-20T19:42:57.673Z",
    "dateUpdated": "2026-05-21T12:18:43.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design
  • Divide the software into anonymous, normal, privileged, and administrative areas. Identify which of these areas require a proven user identity, and use a centralized authentication capability.
  • Identify all potential communication channels, or other means of interaction with the software, to ensure that all channels are appropriately protected, including those channels that are assumed to be accessible only by authorized parties. Developers sometimes perform authentication at the primary channel, but open up a secondary channel that is assumed to be private. For example, a login mechanism may be listening on one network port, but after successful authentication, it may open up a second port where it waits for the connection, but avoids authentication because it assumes that only the authenticated party will connect to the port.
  • In general, if the software or protocol allows a single session or user state to persist across multiple connections or channels, authentication and appropriate credential management need to be used throughout.
Mitigation MIT-15
Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Mitigation
Architecture and Design
  • Where possible, avoid implementing custom, "grow-your-own" authentication routines and consider using authentication capabilities as provided by the surrounding framework, operating system, or environment. These capabilities may avoid common weaknesses that are unique to authentication; support automatic auditing and tracking; and make it easier to provide a clear separation between authentication tasks and authorization tasks.
  • In environments such as the World Wide Web, the line between authentication and authorization is sometimes blurred. If custom authentication routines are required instead of those provided by the server, then these routines must be applied to every single page, since these pages could be requested directly.
Mitigation MIT-4.5
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator [REF-45].
Mitigation
Implementation System Configuration Operation

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to require strong authentication for users who should be allowed to access the data [REF-1297] [REF-1298] [REF-1302].

CAPEC-12: Choosing Message Identifier

This pattern of attack is defined by the selection of messages distributed via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary's identifier to more a privileged one.

CAPEC-166: Force the System to Reset Values

An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions.

CAPEC-216: Communication Channel Manipulation

An adversary manipulates a setting or parameter on communications channel in order to compromise its security. This can result in information exposure, insertion/removal of information from the communications stream, and/or potentially system compromise.

CAPEC-36: Using Unpublished Interfaces or Functionality

An adversary searches for and invokes interfaces or functionality that the target system designers did not intend to be publicly available. If interfaces fail to authenticate requests, the attacker may be able to invoke functionality they are not authorized for.

CAPEC-62: Cross Site Request Forgery

An attacker crafts malicious web links and distributes them (via web pages, email, etc.), typically in a targeted manner, hoping to induce users to click on the link and execute the malicious action against some third-party application. If successful, the action embedded in the malicious link will be processed and accepted by the targeted application with the users' privilege level. This type of attack leverages the persistence and implicit trust placed in user session cookies by many web applications today. In such an architecture, once the user authenticates to an application and a session cookie is created on the user's system, all following transactions for that session are authenticated using that cookie including potential actions initiated by an attacker and simply "riding" the existing session cookie.