Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Axivion by Qt

    CVE-2026-12379 (GCVE-0-2026-12379)

    Vulnerability from nvd – Published: 2026-07-16 15:32 – Updated: 2026-07-16 15:58
    VLAI
    Title
    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the Dashboard OAuth/OIDC implementation of Axivion
    Summary
    An Open Redirect vulnerability (CWE-601) exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to the application's own origin, so a user who follows a crafted login link can be sent to an untrusted external site after authenticating against the genuine Dashboard. Because the link points at the legitimate Dashboard, this can be abused for phishing, for example credential or second-factor theft via a convincing look-alike page. Exploitation requires the victim to follow the attacker-supplied link and complete the authentication flow.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL redirection to untrusted site ('open redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Qt Axivion Affected: 7.8.0 , ≤ 7.8.12 (python)
    Affected: 7.9.0 , ≤ 7.9.12 (python)
    Affected: 7.10.0 , ≤ 7.10.10 (python)
    Affected: 7.11.0 , ≤ 7.11.6 (python)
    Affected: 7.12.0 , ≤ 7.12.1 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T15:58:42.449159Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T15:58:57.361Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Axivion",
              "vendor": "Qt",
              "versions": [
                {
                  "lessThanOrEqual": "7.8.12",
                  "status": "affected",
                  "version": "7.8.0",
                  "versionType": "python"
                },
                {
                  "lessThanOrEqual": "7.9.12",
                  "status": "affected",
                  "version": "7.9.0",
                  "versionType": "python"
                },
                {
                  "lessThanOrEqual": "7.10.10",
                  "status": "affected",
                  "version": "7.10.0",
                  "versionType": "python"
                },
                {
                  "lessThanOrEqual": "7.11.6",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "python"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.8.12",
                      "versionStartIncluding": "7.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.9.12",
                      "versionStartIncluding": "7.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.10.10",
                      "versionStartIncluding": "7.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.11.6",
                      "versionStartIncluding": "7.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.12.1",
                      "versionStartIncluding": "7.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Open Redirect vulnerability (CWE-601) exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to the application\u0027s own origin, so a user who follows a crafted login link can be sent to an untrusted external site after authenticating against the genuine Dashboard. Because the link points at the legitimate Dashboard, this can be abused for phishing, for example credential or second-factor theft via a convincing look-alike page. Exploitation requires the victim to follow the attacker-supplied link and complete the authentication flow.\u003cbr\u003e"
                }
              ],
              "value": "An Open Redirect vulnerability (CWE-601) exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to the application\u0027s own origin, so a user who follows a crafted login link can be sent to an untrusted external site after authenticating against the genuine Dashboard. Because the link points at the legitimate Dashboard, this can be abused for phishing, for example credential or second-factor theft via a convincing look-alike page. Exploitation requires the victim to follow the attacker-supplied link and complete the authentication flow."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-98",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-98 Phishing"
                }
              ]
            },
            {
              "capecId": "CAPEC-194",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-194 Fake the Source of Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T15:32:44.883Z",
            "orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
            "shortName": "TQtC"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://wiki.qt.io/List_of_known_vulnerabilities_in_Qt_products#CVE-2026-12379"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u0026nbsp;Axivion\u0026nbsp;7.9.13, 7.10.11, 7.11.7, 7.12.2\u0026nbsp;or later.\u0026nbsp;"
                }
              ],
              "value": "Update to\u00a0Axivion\u00a07.9.13, 7.10.11, 7.11.7, 7.12.2\u00a0or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in the Dashboard OAuth/OIDC implementation of Axivion",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eDisable OIDC\u0026nbsp;\u003c/span\u003e\u003cspan\u003ein your Dashboard\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Disable OIDC\u00a0in your Dashboard"
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eShut\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003edown\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003ethe\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003eDashboard where OIDC is enabled\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Shut\u00a0down\u00a0the\u00a0Dashboard where OIDC is enabled"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
        "assignerShortName": "TQtC",
        "cveId": "CVE-2026-12379",
        "datePublished": "2026-07-16T15:32:44.883Z",
        "dateReserved": "2026-06-16T09:08:08.138Z",
        "dateUpdated": "2026-07-16T15:58:57.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12593 (GCVE-0-2026-12593)

    Vulnerability from nvd – Published: 2026-07-09 12:29 – Updated: 2026-07-09 14:20
    VLAI
    Title
    Privilege escalation via forged API token creation in Axivion Dashboard OIDC/OAuth2/SSO subsystem
    Summary
    The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{user}/tokens) forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user (with more privileges than the attacker), the attacker knowing its login name and the attacker being able to authenticate to the Dashboard via OAuth/OIDC. The attacker would then have had to forge a token creation API request on behalf of the other user and could have authenticated and finalized the token creation with their own OAuth/OIDC credentials. In the worst case, this would mean an attacker could have become Dashboard Administrator and been able to perform all administrative actions if the preexisting internal user had administrative privileges. In combination with a separate weakness, this could have further led to code execution on the host system running the Dashboard with the privileges of the OS-User running the Dashboard server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Qt Axivion Affected: 7.8.5 , ≤ 7.8.12 (custom)
    Affected: 7.9.0 , < 7.9.13 (custom)
    Affected: 7.10.0 , < 7.10.11 (custom)
    Affected: 7.11.0 , < 7.11.7 (custom)
    Affected: 7.12.0 , < 7.12.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12593",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:20:08.451329Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:20:19.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Dashboard OIDC/OAuth2/SSO subsystem"
              ],
              "product": "Axivion",
              "vendor": "Qt",
              "versions": [
                {
                  "lessThanOrEqual": "7.8.12",
                  "status": "affected",
                  "version": "7.8.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.9.13",
                  "status": "affected",
                  "version": "7.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.10.11",
                  "status": "affected",
                  "version": "7.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.11.7",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.12.2",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.8.12",
                      "versionStartIncluding": "7.8.5",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.9.13",
                      "versionStartIncluding": "7.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.10.11",
                      "versionStartIncluding": "7.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.11.7",
                      "versionStartIncluding": "7.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.12.2",
                      "versionStartIncluding": "7.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003eThe implementation of an internal\u0026nbsp;and\u0026nbsp;undocumented\u0026nbsp;Dashboard\u0026nbsp;API endpoint\u0026nbsp;(POST /api/users/~/{user}/tokens)\u0026nbsp;forgot\u0026nbsp;to ensure an HTTP\u0026nbsp;request for creating an\u0026nbsp;API\u0026nbsp;Token for another\u0026nbsp;user had sufficient permission to do so.\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003ePrecondition for successful exploitation was a preexisting internal user (with more privileges than the attacker),\u0026nbsp;the attacker knowing\u0026nbsp;its login name and the attacker being able to authenticate to the Dashboard via OAuth/OIDC. The attacker\u0026nbsp;would then have\u0026nbsp;had\u0026nbsp;to forge a token creation\u0026nbsp;API\u0026nbsp;request\u0026nbsp;on behalf of the\u0026nbsp;other user and could have authenticated\u0026nbsp;and\u0026nbsp;finalized\u0026nbsp;the token creation\u0026nbsp;with their own\u0026nbsp;OAuth/OIDC\u0026nbsp;credentials. In the worst case, this would mean an attacker could\u0026nbsp;have\u0026nbsp;become Dashboard Administrator\u0026nbsp;and\u0026nbsp;been\u0026nbsp;able to\u0026nbsp;perform\u0026nbsp;all\u0026nbsp;administrative actions\u0026nbsp;if the preexisting internal user had administrative\u0026nbsp;privileges.\u0026nbsp;In combination with a separate weakness,\u0026nbsp;this could have\u0026nbsp;further\u0026nbsp;led\u0026nbsp;to code execution on the\u0026nbsp;host\u0026nbsp;system running the Dashboard with the privileges of the OS-User running the Dashboard\u0026nbsp;server.\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "The implementation of an internal\u00a0and\u00a0undocumented\u00a0Dashboard\u00a0API endpoint\u00a0(POST /api/users/~/{user}/tokens)\u00a0forgot\u00a0to ensure an HTTP\u00a0request for creating an\u00a0API\u00a0Token for another\u00a0user had sufficient permission to do so.\n\n\n\n\n\nPrecondition for successful exploitation was a preexisting internal user (with more privileges than the attacker),\u00a0the attacker knowing\u00a0its login name and the attacker being able to authenticate to the Dashboard via OAuth/OIDC. The attacker\u00a0would then have\u00a0had\u00a0to forge a token creation\u00a0API\u00a0request\u00a0on behalf of the\u00a0other user and could have authenticated\u00a0and\u00a0finalized\u00a0the token creation\u00a0with their own\u00a0OAuth/OIDC\u00a0credentials. In the worst case, this would mean an attacker could\u00a0have\u00a0become Dashboard Administrator\u00a0and\u00a0been\u00a0able to\u00a0perform\u00a0all\u00a0administrative actions\u00a0if the preexisting internal user had administrative\u00a0privileges.\u00a0In combination with a separate weakness,\u00a0this could have\u00a0further\u00a0led\u00a0to code execution on the\u00a0host\u00a0system running the Dashboard with the privileges of the OS-User running the Dashboard\u00a0server."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Authenticated Remote Privilege escalation. Any OIDC/OAuth authenticated user can become a Dashboard Administrator. By exploiting another weakness this can also lead to arbitrary code execution on the host-system running the Dashboard in the context of the OS-User used to run the Dashboard."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T12:29:47.260Z",
            "orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
            "shortName": "TQtC"
          },
          "references": [
            {
              "name": "Qt Group Internal Vulnerability Ticket",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://wiki.qt.io/List_of_known_vulnerabilities_in_Qt_products#CVE-2026-12593"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUpdate to one of the fixed releases: 7.9.13, 7.10.11, 7.11.7, or 7.12.2. There is no fixed release on the 7.8.x branch; deployments running 7.8.5-7.8.12 must migrate to one of the fixed releases.\u003c/p\u003e"
                }
              ],
              "value": "Update to one of the fixed releases: 7.9.13, 7.10.11, 7.11.7, or 7.12.2. There is no fixed release on the 7.8.x branch; deployments running 7.8.5-7.8.12 must migrate to one of the fixed releases."
            }
          ],
          "source": {
            "defectId": "BAUHAUS-30026",
            "discovery": "INTERNAL"
          },
          "title": "Privilege escalation via forged API token creation in Axivion Dashboard OIDC/OAuth2/SSO subsystem",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDisable the OIDC/OAuth2/SSO authentication feature or shut down the Dashboard server.\u003c/p\u003e"
                }
              ],
              "value": "Disable the OIDC/OAuth2/SSO authentication feature or shut down the Dashboard server."
            }
          ],
          "x_generator": {
            "engine": "Claude AI (Opus 4.8) - draft only, requires human validation before submission"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
        "assignerShortName": "TQtC",
        "cveId": "CVE-2026-12593",
        "datePublished": "2026-07-09T12:29:47.260Z",
        "dateReserved": "2026-06-18T09:26:17.599Z",
        "dateUpdated": "2026-07-09T14:20:19.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12379 (GCVE-0-2026-12379)

    Vulnerability from cvelistv5 – Published: 2026-07-16 15:32 – Updated: 2026-07-16 15:58
    VLAI
    Title
    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the Dashboard OAuth/OIDC implementation of Axivion
    Summary
    An Open Redirect vulnerability (CWE-601) exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to the application's own origin, so a user who follows a crafted login link can be sent to an untrusted external site after authenticating against the genuine Dashboard. Because the link points at the legitimate Dashboard, this can be abused for phishing, for example credential or second-factor theft via a convincing look-alike page. Exploitation requires the victim to follow the attacker-supplied link and complete the authentication flow.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL redirection to untrusted site ('open redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Qt Axivion Affected: 7.8.0 , ≤ 7.8.12 (python)
    Affected: 7.9.0 , ≤ 7.9.12 (python)
    Affected: 7.10.0 , ≤ 7.10.10 (python)
    Affected: 7.11.0 , ≤ 7.11.6 (python)
    Affected: 7.12.0 , ≤ 7.12.1 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-16T15:58:42.449159Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T15:58:57.361Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Axivion",
              "vendor": "Qt",
              "versions": [
                {
                  "lessThanOrEqual": "7.8.12",
                  "status": "affected",
                  "version": "7.8.0",
                  "versionType": "python"
                },
                {
                  "lessThanOrEqual": "7.9.12",
                  "status": "affected",
                  "version": "7.9.0",
                  "versionType": "python"
                },
                {
                  "lessThanOrEqual": "7.10.10",
                  "status": "affected",
                  "version": "7.10.0",
                  "versionType": "python"
                },
                {
                  "lessThanOrEqual": "7.11.6",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "python"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.8.12",
                      "versionStartIncluding": "7.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.9.12",
                      "versionStartIncluding": "7.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.10.10",
                      "versionStartIncluding": "7.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.11.6",
                      "versionStartIncluding": "7.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.12.1",
                      "versionStartIncluding": "7.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Open Redirect vulnerability (CWE-601) exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to the application\u0027s own origin, so a user who follows a crafted login link can be sent to an untrusted external site after authenticating against the genuine Dashboard. Because the link points at the legitimate Dashboard, this can be abused for phishing, for example credential or second-factor theft via a convincing look-alike page. Exploitation requires the victim to follow the attacker-supplied link and complete the authentication flow.\u003cbr\u003e"
                }
              ],
              "value": "An Open Redirect vulnerability (CWE-601) exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to the application\u0027s own origin, so a user who follows a crafted login link can be sent to an untrusted external site after authenticating against the genuine Dashboard. Because the link points at the legitimate Dashboard, this can be abused for phishing, for example credential or second-factor theft via a convincing look-alike page. Exploitation requires the victim to follow the attacker-supplied link and complete the authentication flow."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-98",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-98 Phishing"
                }
              ]
            },
            {
              "capecId": "CAPEC-194",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-194 Fake the Source of Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-16T15:32:44.883Z",
            "orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
            "shortName": "TQtC"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://wiki.qt.io/List_of_known_vulnerabilities_in_Qt_products#CVE-2026-12379"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u0026nbsp;Axivion\u0026nbsp;7.9.13, 7.10.11, 7.11.7, 7.12.2\u0026nbsp;or later.\u0026nbsp;"
                }
              ],
              "value": "Update to\u00a0Axivion\u00a07.9.13, 7.10.11, 7.11.7, 7.12.2\u00a0or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in the Dashboard OAuth/OIDC implementation of Axivion",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eDisable OIDC\u0026nbsp;\u003c/span\u003e\u003cspan\u003ein your Dashboard\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Disable OIDC\u00a0in your Dashboard"
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eShut\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003edown\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003ethe\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003eDashboard where OIDC is enabled\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Shut\u00a0down\u00a0the\u00a0Dashboard where OIDC is enabled"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
        "assignerShortName": "TQtC",
        "cveId": "CVE-2026-12379",
        "datePublished": "2026-07-16T15:32:44.883Z",
        "dateReserved": "2026-06-16T09:08:08.138Z",
        "dateUpdated": "2026-07-16T15:58:57.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12593 (GCVE-0-2026-12593)

    Vulnerability from cvelistv5 – Published: 2026-07-09 12:29 – Updated: 2026-07-09 14:20
    VLAI
    Title
    Privilege escalation via forged API token creation in Axivion Dashboard OIDC/OAuth2/SSO subsystem
    Summary
    The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{user}/tokens) forgot to ensure an HTTP request for creating an API Token for another user had sufficient permission to do so. Precondition for successful exploitation was a preexisting internal user (with more privileges than the attacker), the attacker knowing its login name and the attacker being able to authenticate to the Dashboard via OAuth/OIDC. The attacker would then have had to forge a token creation API request on behalf of the other user and could have authenticated and finalized the token creation with their own OAuth/OIDC credentials. In the worst case, this would mean an attacker could have become Dashboard Administrator and been able to perform all administrative actions if the preexisting internal user had administrative privileges. In combination with a separate weakness, this could have further led to code execution on the host system running the Dashboard with the privileges of the OS-User running the Dashboard server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Qt Axivion Affected: 7.8.5 , ≤ 7.8.12 (custom)
    Affected: 7.9.0 , < 7.9.13 (custom)
    Affected: 7.10.0 , < 7.10.11 (custom)
    Affected: 7.11.0 , < 7.11.7 (custom)
    Affected: 7.12.0 , < 7.12.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12593",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:20:08.451329Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:20:19.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Dashboard OIDC/OAuth2/SSO subsystem"
              ],
              "product": "Axivion",
              "vendor": "Qt",
              "versions": [
                {
                  "lessThanOrEqual": "7.8.12",
                  "status": "affected",
                  "version": "7.8.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.9.13",
                  "status": "affected",
                  "version": "7.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.10.11",
                  "status": "affected",
                  "version": "7.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.11.7",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.12.2",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "7.8.12",
                      "versionStartIncluding": "7.8.5",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.9.13",
                      "versionStartIncluding": "7.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.10.11",
                      "versionStartIncluding": "7.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.11.7",
                      "versionStartIncluding": "7.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:qt:axivion:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.12.2",
                      "versionStartIncluding": "7.12.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003eThe implementation of an internal\u0026nbsp;and\u0026nbsp;undocumented\u0026nbsp;Dashboard\u0026nbsp;API endpoint\u0026nbsp;(POST /api/users/~/{user}/tokens)\u0026nbsp;forgot\u0026nbsp;to ensure an HTTP\u0026nbsp;request for creating an\u0026nbsp;API\u0026nbsp;Token for another\u0026nbsp;user had sufficient permission to do so.\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003ePrecondition for successful exploitation was a preexisting internal user (with more privileges than the attacker),\u0026nbsp;the attacker knowing\u0026nbsp;its login name and the attacker being able to authenticate to the Dashboard via OAuth/OIDC. The attacker\u0026nbsp;would then have\u0026nbsp;had\u0026nbsp;to forge a token creation\u0026nbsp;API\u0026nbsp;request\u0026nbsp;on behalf of the\u0026nbsp;other user and could have authenticated\u0026nbsp;and\u0026nbsp;finalized\u0026nbsp;the token creation\u0026nbsp;with their own\u0026nbsp;OAuth/OIDC\u0026nbsp;credentials. In the worst case, this would mean an attacker could\u0026nbsp;have\u0026nbsp;become Dashboard Administrator\u0026nbsp;and\u0026nbsp;been\u0026nbsp;able to\u0026nbsp;perform\u0026nbsp;all\u0026nbsp;administrative actions\u0026nbsp;if the preexisting internal user had administrative\u0026nbsp;privileges.\u0026nbsp;In combination with a separate weakness,\u0026nbsp;this could have\u0026nbsp;further\u0026nbsp;led\u0026nbsp;to code execution on the\u0026nbsp;host\u0026nbsp;system running the Dashboard with the privileges of the OS-User running the Dashboard\u0026nbsp;server.\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "The implementation of an internal\u00a0and\u00a0undocumented\u00a0Dashboard\u00a0API endpoint\u00a0(POST /api/users/~/{user}/tokens)\u00a0forgot\u00a0to ensure an HTTP\u00a0request for creating an\u00a0API\u00a0Token for another\u00a0user had sufficient permission to do so.\n\n\n\n\n\nPrecondition for successful exploitation was a preexisting internal user (with more privileges than the attacker),\u00a0the attacker knowing\u00a0its login name and the attacker being able to authenticate to the Dashboard via OAuth/OIDC. The attacker\u00a0would then have\u00a0had\u00a0to forge a token creation\u00a0API\u00a0request\u00a0on behalf of the\u00a0other user and could have authenticated\u00a0and\u00a0finalized\u00a0the token creation\u00a0with their own\u00a0OAuth/OIDC\u00a0credentials. In the worst case, this would mean an attacker could\u00a0have\u00a0become Dashboard Administrator\u00a0and\u00a0been\u00a0able to\u00a0perform\u00a0all\u00a0administrative actions\u00a0if the preexisting internal user had administrative\u00a0privileges.\u00a0In combination with a separate weakness,\u00a0this could have\u00a0further\u00a0led\u00a0to code execution on the\u00a0host\u00a0system running the Dashboard with the privileges of the OS-User running the Dashboard\u00a0server."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Authenticated Remote Privilege escalation. Any OIDC/OAuth authenticated user can become a Dashboard Administrator. By exploiting another weakness this can also lead to arbitrary code execution on the host-system running the Dashboard in the context of the OS-User used to run the Dashboard."
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T12:29:47.260Z",
            "orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
            "shortName": "TQtC"
          },
          "references": [
            {
              "name": "Qt Group Internal Vulnerability Ticket",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://wiki.qt.io/List_of_known_vulnerabilities_in_Qt_products#CVE-2026-12593"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUpdate to one of the fixed releases: 7.9.13, 7.10.11, 7.11.7, or 7.12.2. There is no fixed release on the 7.8.x branch; deployments running 7.8.5-7.8.12 must migrate to one of the fixed releases.\u003c/p\u003e"
                }
              ],
              "value": "Update to one of the fixed releases: 7.9.13, 7.10.11, 7.11.7, or 7.12.2. There is no fixed release on the 7.8.x branch; deployments running 7.8.5-7.8.12 must migrate to one of the fixed releases."
            }
          ],
          "source": {
            "defectId": "BAUHAUS-30026",
            "discovery": "INTERNAL"
          },
          "title": "Privilege escalation via forged API token creation in Axivion Dashboard OIDC/OAuth2/SSO subsystem",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDisable the OIDC/OAuth2/SSO authentication feature or shut down the Dashboard server.\u003c/p\u003e"
                }
              ],
              "value": "Disable the OIDC/OAuth2/SSO authentication feature or shut down the Dashboard server."
            }
          ],
          "x_generator": {
            "engine": "Claude AI (Opus 4.8) - draft only, requires human validation before submission"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3",
        "assignerShortName": "TQtC",
        "cveId": "CVE-2026-12593",
        "datePublished": "2026-07-09T12:29:47.260Z",
        "dateReserved": "2026-06-18T09:26:17.599Z",
        "dateUpdated": "2026-07-09T14:20:19.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }