Common Weakness Enumeration

CWE-798

Allowed-with-Review

Use of Hard-coded Credentials

Abstraction: Base · Status: Draft

The product contains hard-coded credentials, such as a password or cryptographic key.

2173 vulnerabilities reference this CWE, most recent first.

CVE-2026-21404 (GCVE-0-2026-21404)

Vulnerability from cvelistv5 – Published: 2026-06-04 19:44 – Updated: 2026-06-05 18:26
VLAI
Title
NAVTOR NavBox Use of Hard-coded Credentials
Summary
NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SOAP interface grants access to privileged WCF methods, enabling an attacker to write or overwrite files within application-defined paths.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
NAVTOR NavBox Affected: 0 , ≤ 4.16.1.20 (custom)
Unaffected: 4.17.2.6
Create a notification for this product.
Date Public
2026-06-04 17:00
Credits
Cydome Security Ltd reported this vulnerability to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21404",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T18:25:51.749669Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T18:26:01.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NavBox",
          "vendor": "NAVTOR",
          "versions": [
            {
              "lessThanOrEqual": "4.16.1.20",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "4.17.2.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Cydome Security Ltd reported this vulnerability to CISA."
        }
      ],
      "datePublic": "2026-06-04T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SOAP interface grants access to privileged WCF methods, enabling an attacker to write or overwrite files within application-defined paths."
            }
          ],
          "value": "NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SOAP interface grants access to privileged WCF methods, enabling an attacker to write or overwrite files within application-defined paths."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T19:44:53.466Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-155-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-155-01.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NAVTOR has released a patch for NavBox in April 2026.  Version 4.17.2.6 and later includes the fix. Users that have an active NavBox connection will automatically be kept up to date with the latest version. No user action required."
            }
          ],
          "value": "NAVTOR has released a patch for NavBox in April 2026.  Version 4.17.2.6 and later includes the fix. Users that have an active NavBox connection will automatically be kept up to date with the latest version. No user action required."
        }
      ],
      "source": {
        "advisory": "ICSA-26-155-01",
        "discovery": "EXTERNAL"
      },
      "title": "NAVTOR NavBox Use of Hard-coded Credentials",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-21404",
    "datePublished": "2026-06-04T19:44:53.466Z",
    "dateReserved": "2026-01-27T23:33:47.825Z",
    "dateUpdated": "2026-06-05T18:26:01.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20111 (GCVE-0-2026-20111)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:11 – Updated: 2026-02-04 16:41
VLAI
Title
Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Prime Infrastructure Affected: 3.0.0
Affected: 3.1.0
Affected: 3.1.5
Affected: 2.1
Affected: 2.0.0
Affected: 3.6.0
Affected: 3.7.0
Affected: 3.4.0
Affected: 3.3.0
Affected: 3.2
Affected: 3.5.0
Affected: 3.2.0-FIPS
Affected: 2.2
Affected: 3.8.0-FED
Affected: 3.9.0
Affected: 3.8.0
Affected: 3.10.0
Affected: 3.1.1
Affected: 2.1.2
Affected: 2.2.1
Affected: 2.2.0
Affected: 3.0.2
Affected: 3.0.3
Affected: 3.0.1
Affected: 2.2.2
Affected: 2.2.3
Affected: 2.1.0
Affected: 2.1.1
Affected: 3.9.1
Affected: 2.0.10
Affected: 3.8.1
Affected: 3.7.1
Affected: 3.5.1
Affected: 3.4.2
Affected: 3.3.1
Affected: 3.1.7
Affected: 3.2.1
Affected: 3.2.2
Affected: 3.1.6
Affected: 3.1.2
Affected: 3.4.1
Affected: 3.1.3
Affected: 3.1.4
Affected: 3.0.6
Affected: 2.2.10
Affected: 3.0.4
Affected: 3.0.5
Affected: 2.1.56
Affected: 2.2.4
Affected: 2.2.9
Affected: 2.2.8
Affected: 2.2.5
Affected: 2.2.7
Affected: 2.0.39
Affected: 3.8_DP1
Affected: 3.9_DP1
Affected: 3.7_DP2
Affected: 3.6_DP1
Affected: 3.5_DP4
Affected: 3.5_DP2
Affected: 3.4_DP10
Affected: 3.7_DP1
Affected: 3.5_DP3
Affected: 3.4_DP11
Affected: 3.5_DP1
Affected: 3.4_DP8
Affected: 3.4_DP1
Affected: 3.4_DP3
Affected: 3.4_DP5
Affected: 3.4_DP2
Affected: 3.4_DP7
Affected: 3.4_DP6
Affected: 3.3_DP4
Affected: 3.4_DP4
Affected: 3.4_DP9
Affected: 3.1_DP16
Affected: 3.3_DP2
Affected: 3.3_DP3
Affected: 3.1_DP15
Affected: 3.3_DP1
Affected: 3.1_DP13
Affected: 3.2_DP2
Affected: 3.2_DP1
Affected: 3.2_DP3
Affected: 3.1_DP14
Affected: 3.2_DP4
Affected: 3.1_DP7
Affected: 3.1_DP10
Affected: 3.1_DP11
Affected: 3.1_DP4
Affected: 3.1_DP6
Affected: 3.1_DP12
Affected: 3.1_DP5
Affected: 3.0.7
Affected: 3.1_DP9
Affected: 3.1_DP8
Affected: 3.10_DP1
Affected: 3.10.2
Affected: 3.10.3
Affected: 3.10
Affected: 3.10.1
Affected: 3.7.1 Update 03
Affected: 3.7.1 Update 04
Affected: 3.7.1 Update 06
Affected: 3.7.1 Update 07
Affected: 3.8.1 Update 01
Affected: 3.8.1 Update 02
Affected: 3.8.1 Update 03
Affected: 3.8.1 Update 04
Affected: 3.9.1 Update 01
Affected: 3.9.1 Update 02
Affected: 3.9.1 Update 03
Affected: 3.9.1 Update 04
Affected: 3.10 Update 01
Affected: 3.4.2 Update 01
Affected: 3.6.0 Update 04
Affected: 3.6.0 Update 02
Affected: 3.6.0 Update 03
Affected: 3.6.0 Update 01
Affected: 3.5.1 Update 03
Affected: 3.5.1 Update 01
Affected: 3.5.1 Update 02
Affected: 3.7.0 Update 03
Affected: 2.2.3 Update 05
Affected: 2.2.3 Update 04
Affected: 2.2.3 Update 06
Affected: 2.2.3 Update 03
Affected: 2.2.3 Update 02
Affected: 2.2.1 Update 01
Affected: 2.2.2 Update 03
Affected: 2.2.2 Update 04
Affected: 3.8.0 Update 01
Affected: 3.8.0 Update 02
Affected: 3.7.1 Update 01
Affected: 3.7.1 Update 02
Affected: 3.7.1 Update 05
Affected: 3.9.0 Update 01
Affected: 3.3.0 Update 01
Affected: 3.4.1 Update 02
Affected: 3.4.1 Update 01
Affected: 3.5.0 Update 03
Affected: 3.5.0 Update 01
Affected: 3.5.0 Update 02
Affected: 3.10.4
Affected: 3.10.4 Update 01
Affected: 3.10.4 Update 02
Affected: 3.10.4 Update 03
Affected: 3.10.5
Affected: 3.10.6
Affected: 3.10.6 Update 01
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-04T16:41:28.347358Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-04T16:41:39.389Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Prime Infrastructure",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.1.5"
            },
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "3.6.0"
            },
            {
              "status": "affected",
              "version": "3.7.0"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "status": "affected",
              "version": "3.3.0"
            },
            {
              "status": "affected",
              "version": "3.2"
            },
            {
              "status": "affected",
              "version": "3.5.0"
            },
            {
              "status": "affected",
              "version": "3.2.0-FIPS"
            },
            {
              "status": "affected",
              "version": "2.2"
            },
            {
              "status": "affected",
              "version": "3.8.0-FED"
            },
            {
              "status": "affected",
              "version": "3.9.0"
            },
            {
              "status": "affected",
              "version": "3.8.0"
            },
            {
              "status": "affected",
              "version": "3.10.0"
            },
            {
              "status": "affected",
              "version": "3.1.1"
            },
            {
              "status": "affected",
              "version": "2.1.2"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            },
            {
              "status": "affected",
              "version": "2.2.0"
            },
            {
              "status": "affected",
              "version": "3.0.2"
            },
            {
              "status": "affected",
              "version": "3.0.3"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "2.2.2"
            },
            {
              "status": "affected",
              "version": "2.2.3"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.1.1"
            },
            {
              "status": "affected",
              "version": "3.9.1"
            },
            {
              "status": "affected",
              "version": "2.0.10"
            },
            {
              "status": "affected",
              "version": "3.8.1"
            },
            {
              "status": "affected",
              "version": "3.7.1"
            },
            {
              "status": "affected",
              "version": "3.5.1"
            },
            {
              "status": "affected",
              "version": "3.4.2"
            },
            {
              "status": "affected",
              "version": "3.3.1"
            },
            {
              "status": "affected",
              "version": "3.1.7"
            },
            {
              "status": "affected",
              "version": "3.2.1"
            },
            {
              "status": "affected",
              "version": "3.2.2"
            },
            {
              "status": "affected",
              "version": "3.1.6"
            },
            {
              "status": "affected",
              "version": "3.1.2"
            },
            {
              "status": "affected",
              "version": "3.4.1"
            },
            {
              "status": "affected",
              "version": "3.1.3"
            },
            {
              "status": "affected",
              "version": "3.1.4"
            },
            {
              "status": "affected",
              "version": "3.0.6"
            },
            {
              "status": "affected",
              "version": "2.2.10"
            },
            {
              "status": "affected",
              "version": "3.0.4"
            },
            {
              "status": "affected",
              "version": "3.0.5"
            },
            {
              "status": "affected",
              "version": "2.1.56"
            },
            {
              "status": "affected",
              "version": "2.2.4"
            },
            {
              "status": "affected",
              "version": "2.2.9"
            },
            {
              "status": "affected",
              "version": "2.2.8"
            },
            {
              "status": "affected",
              "version": "2.2.5"
            },
            {
              "status": "affected",
              "version": "2.2.7"
            },
            {
              "status": "affected",
              "version": "2.0.39"
            },
            {
              "status": "affected",
              "version": "3.8_DP1"
            },
            {
              "status": "affected",
              "version": "3.9_DP1"
            },
            {
              "status": "affected",
              "version": "3.7_DP2"
            },
            {
              "status": "affected",
              "version": "3.6_DP1"
            },
            {
              "status": "affected",
              "version": "3.5_DP4"
            },
            {
              "status": "affected",
              "version": "3.5_DP2"
            },
            {
              "status": "affected",
              "version": "3.4_DP10"
            },
            {
              "status": "affected",
              "version": "3.7_DP1"
            },
            {
              "status": "affected",
              "version": "3.5_DP3"
            },
            {
              "status": "affected",
              "version": "3.4_DP11"
            },
            {
              "status": "affected",
              "version": "3.5_DP1"
            },
            {
              "status": "affected",
              "version": "3.4_DP8"
            },
            {
              "status": "affected",
              "version": "3.4_DP1"
            },
            {
              "status": "affected",
              "version": "3.4_DP3"
            },
            {
              "status": "affected",
              "version": "3.4_DP5"
            },
            {
              "status": "affected",
              "version": "3.4_DP2"
            },
            {
              "status": "affected",
              "version": "3.4_DP7"
            },
            {
              "status": "affected",
              "version": "3.4_DP6"
            },
            {
              "status": "affected",
              "version": "3.3_DP4"
            },
            {
              "status": "affected",
              "version": "3.4_DP4"
            },
            {
              "status": "affected",
              "version": "3.4_DP9"
            },
            {
              "status": "affected",
              "version": "3.1_DP16"
            },
            {
              "status": "affected",
              "version": "3.3_DP2"
            },
            {
              "status": "affected",
              "version": "3.3_DP3"
            },
            {
              "status": "affected",
              "version": "3.1_DP15"
            },
            {
              "status": "affected",
              "version": "3.3_DP1"
            },
            {
              "status": "affected",
              "version": "3.1_DP13"
            },
            {
              "status": "affected",
              "version": "3.2_DP2"
            },
            {
              "status": "affected",
              "version": "3.2_DP1"
            },
            {
              "status": "affected",
              "version": "3.2_DP3"
            },
            {
              "status": "affected",
              "version": "3.1_DP14"
            },
            {
              "status": "affected",
              "version": "3.2_DP4"
            },
            {
              "status": "affected",
              "version": "3.1_DP7"
            },
            {
              "status": "affected",
              "version": "3.1_DP10"
            },
            {
              "status": "affected",
              "version": "3.1_DP11"
            },
            {
              "status": "affected",
              "version": "3.1_DP4"
            },
            {
              "status": "affected",
              "version": "3.1_DP6"
            },
            {
              "status": "affected",
              "version": "3.1_DP12"
            },
            {
              "status": "affected",
              "version": "3.1_DP5"
            },
            {
              "status": "affected",
              "version": "3.0.7"
            },
            {
              "status": "affected",
              "version": "3.1_DP9"
            },
            {
              "status": "affected",
              "version": "3.1_DP8"
            },
            {
              "status": "affected",
              "version": "3.10_DP1"
            },
            {
              "status": "affected",
              "version": "3.10.2"
            },
            {
              "status": "affected",
              "version": "3.10.3"
            },
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "status": "affected",
              "version": "3.10.1"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 03"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 04"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 06"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 07"
            },
            {
              "status": "affected",
              "version": "3.8.1 Update 01"
            },
            {
              "status": "affected",
              "version": "3.8.1 Update 02"
            },
            {
              "status": "affected",
              "version": "3.8.1 Update 03"
            },
            {
              "status": "affected",
              "version": "3.8.1 Update 04"
            },
            {
              "status": "affected",
              "version": "3.9.1 Update 01"
            },
            {
              "status": "affected",
              "version": "3.9.1 Update 02"
            },
            {
              "status": "affected",
              "version": "3.9.1 Update 03"
            },
            {
              "status": "affected",
              "version": "3.9.1 Update 04"
            },
            {
              "status": "affected",
              "version": "3.10 Update 01"
            },
            {
              "status": "affected",
              "version": "3.4.2 Update 01"
            },
            {
              "status": "affected",
              "version": "3.6.0 Update 04"
            },
            {
              "status": "affected",
              "version": "3.6.0 Update 02"
            },
            {
              "status": "affected",
              "version": "3.6.0 Update 03"
            },
            {
              "status": "affected",
              "version": "3.6.0 Update 01"
            },
            {
              "status": "affected",
              "version": "3.5.1 Update 03"
            },
            {
              "status": "affected",
              "version": "3.5.1 Update 01"
            },
            {
              "status": "affected",
              "version": "3.5.1 Update 02"
            },
            {
              "status": "affected",
              "version": "3.7.0 Update 03"
            },
            {
              "status": "affected",
              "version": "2.2.3 Update 05"
            },
            {
              "status": "affected",
              "version": "2.2.3 Update 04"
            },
            {
              "status": "affected",
              "version": "2.2.3 Update 06"
            },
            {
              "status": "affected",
              "version": "2.2.3 Update 03"
            },
            {
              "status": "affected",
              "version": "2.2.3 Update 02"
            },
            {
              "status": "affected",
              "version": "2.2.1 Update 01"
            },
            {
              "status": "affected",
              "version": "2.2.2 Update 03"
            },
            {
              "status": "affected",
              "version": "2.2.2 Update 04"
            },
            {
              "status": "affected",
              "version": "3.8.0 Update 01"
            },
            {
              "status": "affected",
              "version": "3.8.0 Update 02"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 01"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 02"
            },
            {
              "status": "affected",
              "version": "3.7.1 Update 05"
            },
            {
              "status": "affected",
              "version": "3.9.0 Update 01"
            },
            {
              "status": "affected",
              "version": "3.3.0 Update 01"
            },
            {
              "status": "affected",
              "version": "3.4.1 Update 02"
            },
            {
              "status": "affected",
              "version": "3.4.1 Update 01"
            },
            {
              "status": "affected",
              "version": "3.5.0 Update 03"
            },
            {
              "status": "affected",
              "version": "3.5.0 Update 01"
            },
            {
              "status": "affected",
              "version": "3.5.0 Update 02"
            },
            {
              "status": "affected",
              "version": "3.10.4"
            },
            {
              "status": "affected",
              "version": "3.10.4 Update 01"
            },
            {
              "status": "affected",
              "version": "3.10.4 Update 02"
            },
            {
              "status": "affected",
              "version": "3.10.4 Update 03"
            },
            {
              "status": "affected",
              "version": "3.10.5"
            },
            {
              "status": "affected",
              "version": "3.10.6"
            },
            {
              "status": "affected",
              "version": "3.10.6 Update 01"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Use of Hard-coded Credentials",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:11:56.571Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-pi-xss-bYeVKCD",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-xss-bYeVKCD"
        }
      ],
      "source": {
        "advisory": "cisco-sa-pi-xss-bYeVKCD",
        "defects": [
          "CSCwo96708"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20111",
    "datePublished": "2026-02-04T16:11:56.571Z",
    "dateReserved": "2025-10-08T11:59:15.374Z",
    "dateUpdated": "2026-02-04T16:41:39.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14807 (GCVE-0-2026-14807)

Vulnerability from cvelistv5 – Published: 2026-07-06 07:09 – Updated: 2026-07-06 15:53
VLAI
Title
PROG MIS|ERP App - Use of Hard-coded Credentials
Summary
ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
PROG MIS ERP App Affected: all (custom)
Create a notification for this product.
Date Public
2026-07-06 07:07
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14807",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T15:53:17.962652Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T15:53:24.029Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ERP App",
          "vendor": "PROG MIS",
          "versions": [
            {
              "status": "affected",
              "version": "all",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2026-07-06T07:07:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password."
            }
          ],
          "value": "ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-191",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-191 Read Sensitive Constants Within an Executable"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-06T07:10:43.671Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-11023-3abe8-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-11024-c5c1a-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Contact the vendor for patching."
            }
          ],
          "value": "Contact the vendor for patching."
        }
      ],
      "source": {
        "advisory": "TVN-202607001",
        "discovery": "EXTERNAL"
      },
      "title": "PROG MIS\uff5cERP App - Use of Hard-coded Credentials",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2026-14807",
    "datePublished": "2026-07-06T07:09:51.844Z",
    "dateReserved": "2026-07-06T06:26:56.497Z",
    "dateUpdated": "2026-07-06T15:53:24.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-13768 (GCVE-0-2026-13768)

Vulnerability from cvelistv5 – Published: 2026-07-02 23:40 – Updated: 2026-07-06 14:51
VLAI
Title
Gardyn IoT Hub Use of Hard-coded Credentials
Summary
Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the user's network.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Gardyn Gardyn Home Firmware Affected: 0 , < master.627 (custom)
Create a notification for this product.
Gardyn Gardyn Studio Firmware Affected: 0 , < master.627 (custom)
Create a notification for this product.
Gardyn Gardyn Cloud API Affected: 0 , < 2.12.2026 (custom)
Create a notification for this product.
Credits
Michael Groberman reported this vulnerability to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-13768",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T14:51:18.483755Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T14:51:30.732Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Gardyn Home Firmware",
          "vendor": "Gardyn",
          "versions": [
            {
              "lessThan": "master.627",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Gardyn Studio Firmware",
          "vendor": "Gardyn",
          "versions": [
            {
              "lessThan": "master.627",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Gardyn Cloud API",
          "vendor": "Gardyn",
          "versions": [
            {
              "lessThan": "2.12.2026",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Michael Groberman reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eGardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the user\u0027s network.\u003c/span\u003e"
            }
          ],
          "value": "Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the user\u0027s network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.5,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-02T23:40:32.780Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://mygardyn.com/security/"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-03.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eGardyn states that IoT Hub deployed infrastructure has been updated to fix the listed vulnerabilities.\u003c/span\u003e"
            }
          ],
          "value": "Gardyn states that IoT Hub deployed infrastructure has been updated to fix the listed vulnerabilities."
        }
      ],
      "source": {
        "advisory": "ICSA-26-183-03",
        "discovery": "EXTERNAL"
      },
      "title": "Gardyn IoT Hub Use of Hard-coded Credentials",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eGardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\u003c/p\u003e\u003cp\u003e\u003cbr\u003eFurther information on Gardyn security can be found here:\u0026nbsp;\u003ca href=\"https://mygardyn.com/security/\"\u003ehttps://mygardyn.com/security/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003eFurther customer support can be obtained from Gardyn at:\u0026nbsp;\u003ca href=\"mailto:support@mygardyn.com\"\u003esupport@mygardyn.com\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "Gardyn requests that users ensure their devices have Internet connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection. Gardyn also recommends that users update their mobile application to the most recent version. The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\n\n\n\nFurther information on Gardyn security can be found here:\u00a0 https://mygardyn.com/security/ \n\n\n\n\nFurther customer support can be obtained from Gardyn at:\u00a0 support@mygardyn.com mailto:support@mygardyn.com"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-13768",
    "datePublished": "2026-07-02T23:40:32.780Z",
    "dateReserved": "2026-06-29T20:16:52.293Z",
    "dateUpdated": "2026-07-06T14:51:30.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-13728 (GCVE-0-2026-13728)

Vulnerability from cvelistv5 – Published: 2026-07-02 23:07 – Updated: 2026-07-06 14:56
VLAI
Title
WatchGuard Firebox Hardcoded Fallback Encryption Key in Access Portal Resource Credential Database
Summary
In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does not affect devices that do not support the Access Portal feature or standalone Fireboxes not deployed in a FireCluster.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
WatchGuard Fireware OS Affected: 12.1 , ≤ 12.12 (semver)
Affected: 2025.1 , ≤ 2026.2 (semver)
Create a notification for this product.
Credits
Cody Sixteen
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-13728",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T14:55:52.147710Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T14:56:01.465Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Fireware OS",
          "vendor": "WatchGuard",
          "versions": [
            {
              "lessThanOrEqual": "12.12",
              "status": "affected",
              "version": "12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2026.2",
              "status": "affected",
              "version": "2025.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.1",
                  "versionEndIncluding": "12.12",
                  "versionStartIncluding": "12.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1",
                  "versionEndIncluding": "2026.2",
                  "versionStartIncluding": "2025.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Cody Sixteen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources.\u003cbr\u003e\u003cbr\u003eThis vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does not affect devices that do not support the Access Portal feature or standalone Fireboxes not deployed in a FireCluster."
            }
          ],
          "value": "In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources.\n\nThis vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does not affect devices that do not support the Access Portal feature or standalone Fireboxes not deployed in a FireCluster."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-02T23:07:01.203Z",
        "orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
        "shortName": "WatchGuard"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00025"
        }
      ],
      "source": {
        "advisory": "WGSA-2026-00025",
        "defect": [
          "FBX-32252"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WatchGuard Firebox Hardcoded Fallback Encryption Key in Access Portal Resource Credential Database",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
    "assignerShortName": "WatchGuard",
    "cveId": "CVE-2026-13728",
    "datePublished": "2026-07-02T23:07:01.203Z",
    "dateReserved": "2026-06-29T14:36:27.889Z",
    "dateUpdated": "2026-07-06T14:56:01.465Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12628 (GCVE-0-2026-12628)

Vulnerability from cvelistv5 – Published: 2026-06-22 13:43 – Updated: 2026-06-25 13:46
VLAI
Title
Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system
Summary
IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism. The application contains a static credential embedded in multiple authentication code paths, and does not properly validate authentication responses, which may allow an unauthenticated attacker to establish a trusted session and access protected services. This vulnerability affects client components across multiple versions and may allow an attacker to impersonate legitimate clients, potentially leading to unauthorized access to system resources.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7277245 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Storage Protect Client Affected: 8.1.0.0 , ≤ 8.2.1.0 (semver)
    cpe:2.3:a:ibm:storage_protect_client:8.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_protect_client:8.2.1.0:*:*:*:*:*:*:*
Create a notification for this product.
IBM Storage Protect Snapshot For Windows Affected: 8.1.0.0 , ≤ 8.2.1.0 (semver)
    cpe:2.3:a:ibm:storage_protect_snapshot_for_windows:8.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_protect_snapshot_for_windows:8.2.1.0:*:*:*:*:*:*:*
Create a notification for this product.
Credits
The vulnerability was reported to IBM by Pétur Eyþórsson and Cristie Nordic.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-12628",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-25T03:55:26.275060Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-25T13:46:45.963Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:storage_protect_client:8.1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_protect_client:8.2.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Storage Protect Client",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.2.1.0",
              "status": "affected",
              "version": "8.1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:storage_protect_snapshot_for_windows:8.1.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_protect_snapshot_for_windows:8.2.1.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Storage Protect Snapshot For Windows",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "8.2.1.0",
              "status": "affected",
              "version": "8.1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "The vulnerability was reported to IBM by P\u00e9tur Ey\u00fe\u00f3rsson and Cristie Nordic."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism. The application contains a static credential embedded in multiple authentication code paths, and does not properly validate authentication responses, which may allow an unauthenticated attacker to establish a trusted session and access protected services. This vulnerability affects client components across multiple versions and may allow an attacker to impersonate legitimate clients, potentially leading to unauthorized access to system resources.\u003c/p\u003e"
            }
          ],
          "value": "IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism. The application contains a static credential embedded in multiple authentication code paths, and does not properly validate authentication responses, which may allow an unauthenticated attacker to establish a trusted session and access protected services. This vulnerability affects client components across multiple versions and may allow an attacker to impersonate legitimate clients, potentially leading to unauthorized access to system resources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-23T18:52:31.455Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7277245"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFixing level\u003c/td\u003e\u003ctd\u003ePlatforms\u003c/td\u003e\u003ctd\u003eLink to fix and instructions\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Storage Protect Backup-Archive Client\u003c/td\u003e\u003ctd\u003e8.2.1.1\u003c/td\u003e\u003ctd\u003eWindows\u0026nbsp;\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267111\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267111\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003eCurrently, the vulnerability has been addressed on the Windows platform through an iFix release.\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eA hardcoded password present in the source code of IBM Storage Protect Snapshot For Windows, which led to a security vulnerability, has been resolved in this release.\u003c/p\u003e\u003cp\u003eFor other platforms (AIX, HP-UX, Linux, Macintosh, and Solaris), the hardcoded password still exists in the code; however, it is not actively used and is only identified during static code scans. This issue has been assessed as low severity, and separate PVRs have been created to track it.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now.\n\nProductFixing levelPlatformsLink to fix and instructionsIBM Storage Protect Backup-Archive Client8.2.1.1Windows\u00a0 https://www.ibm.com/support/pages/node/7267111 \n\n\n\nCurrently, the vulnerability has been addressed on the Windows platform through an iFix release.\n\n\n\n\n\nA hardcoded password present in the source code of IBM Storage Protect Snapshot For Windows, which led to a security vulnerability, has been resolved in this release.\n\n\n\nFor other platforms (AIX, HP-UX, Linux, Macintosh, and Solaris), the hardcoded password still exists in the code; however, it is not actively used and is only identified during static code scans. This issue has been assessed as low severity, and separate PVRs have been created to track it."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eThe remaining PVRs for other platforms are classified with a low severity score and will be addressed in an upcoming release.\u003c/div\u003e"
            }
          ],
          "value": "The remaining PVRs for other platforms are classified with a low severity score and will be addressed in an upcoming release."
        }
      ],
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-12628",
    "datePublished": "2026-06-22T13:43:33.351Z",
    "dateReserved": "2026-06-18T15:18:16.795Z",
    "dateUpdated": "2026-06-25T13:46:45.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-11849 (GCVE-0-2026-11849)

Vulnerability from cvelistv5 – Published: 2026-06-12 09:47 – Updated: 2026-06-12 12:15
VLAI
Title
IEI Integration Corp|iRM-IEI Remote Management - Hard-coded Credentials
Summary
The  iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
IEI Integration Corp iRM-TSi410X Affected: 0 , < 1.4.19 (custom)
Create a notification for this product.
Date Public
2026-06-12 09:45
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-11849",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T12:15:26.180215Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T12:15:33.491Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "iRM-TSi410X",
          "vendor": "IEI Integration Corp",
          "versions": [
            {
              "lessThan": "1.4.19",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2026-06-12T09:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The\u0026nbsp;\niRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database."
            }
          ],
          "value": "The\u00a0\niRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798: Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T09:47:59.008Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-10971-ac61f-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-10972-32032-2.html"
        }
      ],
      "source": {
        "advisory": "TVN-202606005",
        "discovery": "EXTERNAL"
      },
      "title": "IEI Integration Corp\uff5ciRM-IEI Remote Management - Hard-coded Credentials",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2026-11849",
    "datePublished": "2026-06-12T09:47:59.008Z",
    "dateReserved": "2026-06-10T07:51:02.579Z",
    "dateUpdated": "2026-06-12T12:15:33.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-11414 (GCVE-0-2026-11414)

Vulnerability from cvelistv5 – Published: 2026-06-05 19:01 – Updated: 2026-06-09 14:36
VLAI
Title
Unauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-coded Cryptographic Key and Path Traversal
Summary
A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the Vault storage area without any authentication, session, or credentials. A separate path traversal vulnerability in the same download endpoint allows the configured storage root to be escaped, enabling reads of arbitrary files on the server filesystem. Combined, these issues allow an unauthenticated attacker to obtain sensitive server configuration and key material, which can lead to full server compromise. The vulnerability can be chained with CVE-2026-9152 to enumerate and bulk-download stored content. Altium 365 cloud deployments are not impacted in practice, as file storage uses object storage rather than the local filesystem.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Impacted products
Vendor Product Version
Altium Altium Enterprise Server Affected: 0 , < 8.1.1 (semver)
Create a notification for this product.
Date Public
2026-06-05 18:51
Credits
Joris Aerts, Tesla Inc.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-11414",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T14:20:55.464260Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T14:36:21.631Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Vault Service (DownloadController)"
          ],
          "platforms": [
            "Web"
          ],
          "product": "Altium Enterprise Server",
          "vendor": "Altium",
          "versions": [
            {
              "lessThan": "8.1.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Joris Aerts, Tesla Inc."
        }
      ],
      "datePublic": "2026-06-05T18:51:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the Vault storage area without any authentication, session, or credentials.\n\u003cbr\u003e\u003cbr\u003eA separate path traversal vulnerability in the same download endpoint allows the configured storage root to be escaped, enabling reads of arbitrary files on the server filesystem. Combined, these issues allow an unauthenticated attacker to obtain sensitive server configuration and key material, which can lead to full server compromise. The vulnerability can be chained with CVE-2026-9152 to enumerate and bulk-download stored content. Altium 365 cloud deployments are not impacted in practice, as file storage uses object storage rather than the local filesystem."
            }
          ],
          "value": "A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the Vault storage area without any authentication, session, or credentials.\n\n\nA separate path traversal vulnerability in the same download endpoint allows the configured storage root to be escaped, enabling reads of arbitrary files on the server filesystem. Combined, these issues allow an unauthenticated attacker to obtain sensitive server configuration and key material, which can lead to full server compromise. The vulnerability can be chained with CVE-2026-9152 to enumerate and bulk-download stored content. Altium 365 cloud deployments are not impacted in practice, as file storage uses object storage rather than the local filesystem."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        },
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T19:01:12.061Z",
        "orgId": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
        "shortName": "Altium"
      },
      "references": [
        {
          "url": "https://www.altium.com/platform/security-compliance/security-advisories"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-coded Cryptographic Key and Path Traversal",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79",
    "assignerShortName": "Altium",
    "cveId": "CVE-2026-11414",
    "datePublished": "2026-06-05T19:01:12.061Z",
    "dateReserved": "2026-06-05T18:44:36.347Z",
    "dateUpdated": "2026-06-09T14:36:21.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-10557 (GCVE-0-2026-10557)

Vulnerability from cvelistv5 – Published: 2026-06-12 14:05 – Updated: 2026-06-12 15:35
VLAI
Title
Yarbo Android/iOS Mobile Application and Cloud Infrastructure Use of Hard-coded Credentials
Summary
The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers carrying real-time telemetry for the entire global Yarbo robot fleet. They allow both wildcard subscription to all robot telemetry topics and publishing to any robot's command topic using only the robot's serial number.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
Impacted products
Date Public
2026-06-11 17:00
Credits
Markus Lassfolk of Truesec reported this vulnerability to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10557",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T15:35:23.118826Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T15:35:50.875Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Yarbo Android/IOS mobile application",
          "vendor": "Yarbo",
          "versions": [
            {
              "lessThan": "3.17.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Yarbo Cloud MQTT infrastructure",
          "vendor": "Yarbo",
          "versions": [
            {
              "status": "affected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Markus Lassfolk of Truesec reported this vulnerability to CISA."
        }
      ],
      "datePublic": "2026-06-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers carrying real-time telemetry for the entire global Yarbo robot fleet. They allow both wildcard subscription to all robot telemetry topics and publishing to any robot\u0027s command topic using only the robot\u0027s serial number."
            }
          ],
          "value": "The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers carrying real-time telemetry for the entire global Yarbo robot fleet. They allow both wildcard subscription to all robot telemetry topics and publishing to any robot\u0027s command topic using only the robot\u0027s serial number."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T14:05:34.685Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-01.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Yarbo recommends users update the Yarbo mobile app to 3.17.4 or later. Server-side broker authorization will be enforced automatically upon deployment of the May 2026 update. No user action is required."
            }
          ],
          "value": "Yarbo recommends users update the Yarbo mobile app to 3.17.4 or later. Server-side broker authorization will be enforced automatically upon deployment of the May 2026 update. No user action is required."
        }
      ],
      "source": {
        "advisory": "ICSA-26-162-01",
        "discovery": "EXTERNAL"
      },
      "title": "Yarbo Android/iOS Mobile Application and Cloud Infrastructure Use of Hard-coded Credentials",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-10557",
    "datePublished": "2026-06-12T14:05:34.685Z",
    "dateReserved": "2026-06-01T14:53:33.531Z",
    "dateUpdated": "2026-06-12T15:35:50.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9139 (GCVE-0-2026-9139)

Vulnerability from cvelistv5 – Published: 2026-05-20 19:35 – Updated: 2026-05-21 12:50
VLAI
Title
Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml
Summary
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
Vendor Product Version
Taiko Network Communications Pte Ltd. AG1000-01A SMS Alert Gateway Affected: Rev 7.3 (custom)
Affected: Rev 8 (custom)
Affected: UM-AG1000_R7.2 (custom)
Create a notification for this product.
Date Public
2026-05-20 20:00
Credits
Muhammad Imam Baguna VulnCheck
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9139",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-21T12:50:50.726547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-21T12:50:58.123Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AG1000-01A SMS Alert Gateway",
          "vendor": "Taiko Network Communications Pte Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Rev 7.3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "Rev 8",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UM-AG1000_R7.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Muhammad Imam Baguna"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulnCheck"
        }
      ],
      "datePublic": "2026-05-20T20:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTaiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device.\u003c/p\u003e"
            }
          ],
          "value": "Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source. Unauthenticated attackers with network access can recover administrative credentials directly from the client-side validate() function to obtain full administrative access to the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T19:35:28.538Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "Ledger Security Bulletin 019",
          "tags": [
            "technical-description"
          ],
          "url": "https://medium.com/@forgetmen0t/multiple-vulnerabilities-in-taiko-ag1000-01a-sms-alert-gateway-82095b1d633e"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/taiko-ag1000-01a-rev-8-hard-coded-credentials-via-login-zhtml"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-9139",
    "datePublished": "2026-05-20T19:35:28.538Z",
    "dateReserved": "2026-05-20T19:04:51.690Z",
    "dateUpdated": "2026-05-21T12:50:58.123Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design
  • For outbound authentication: store passwords, keys, and other credentials outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible [REF-7].
  • In Windows environments, the Encrypted File System (EFS) may provide some protection.
Mitigation
Architecture and Design

For inbound authentication: Rather than hard-code a default username and password, key, or other authentication credentials for first time logins, utilize a "first login" mode that requires the user to enter a unique strong password or key.

Mitigation
Architecture and Design

If the product must contain hard-coded credentials or they cannot be removed, perform access control checks and limit which entities can access the feature that requires the hard-coded credentials. For example, a feature might only be enabled through the system console instead of through a network connection.

Mitigation
Architecture and Design
  • For inbound authentication using passwords: apply strong one-way hashes to passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When handling an incoming password during authentication, take the hash of the password and compare it to the saved hash.
  • Use randomly assigned salts for each separate hash that is generated. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method.
Mitigation
Architecture and Design
  • For front-end to back-end connections: Three solutions are possible, although none are complete.
  • The first suggestion involves the use of generated passwords or keys that are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.
  • Next, the passwords or keys should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.
  • Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay-style attacks.
CAPEC-191: Read Sensitive Constants Within an Executable

An adversary engages in activities to discover any sensitive constants present within the compiled code of an executable. These constants may include literal ASCII strings within the file itself, or possibly strings hard-coded into particular routines that can be revealed by code refactoring methods including static and dynamic analysis.

CAPEC-70: Try Common or Default Usernames and Passwords

An adversary may try certain common or default usernames and passwords to gain access into the system and perform unauthorized actions. An adversary may try an intelligent brute force using empty passwords, known vendor default credentials, as well as a dictionary of common usernames and passwords. Many vendor products come preconfigured with default (and thus well-known) usernames and passwords that should be deleted prior to usage in a production environment. It is a common mistake to forget to remove these default login credentials. Another problem is that users would pick very simple (common) passwords (e.g. "secret" or "password") that make it easier for the attacker to gain access to the system compared to using a brute force attack or even a dictionary attack using a full dictionary.