Common Weakness Enumeration

CWE-1188

Allowed

Initialization of a Resource with an Insecure Default

Abstraction: Base · Status: Incomplete

The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

402 vulnerabilities reference this CWE, most recent first.

CVE-2026-31818 (GCVE-0-2026-31818)

Vulnerability from cvelistv5 – Published: 2026-04-03 15:41 – Updated: 2026-04-03 20:04
VLAI
Title
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
Summary
Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism (IP blacklist) is rendered completely ineffective because the BLACKLIST_IPS environment variable is not set by default in any of the official deployment configurations. When this variable is empty, the blacklist function unconditionally returns false, allowing all requests through without restriction. This issue has been patched in version 3.33.4.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
  • CWE-1188 - Insecure Default Initialization of Resource
Assigner
Impacted products
Vendor Product Version
Budibase budibase Affected: < 3.33.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-31818",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-03T20:04:22.287596Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-03T20:04:33.012Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "budibase",
          "vendor": "Budibase",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.33.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase\u0027s REST datasource connector. The platform\u0027s SSRF protection mechanism (IP blacklist) is rendered completely ineffective because the BLACKLIST_IPS environment variable is not set by default in any of the official deployment configurations. When this variable is empty, the blacklist function unconditionally returns false, allowing all requests through without restriction. This issue has been patched in version 3.33.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188: Insecure Default Initialization of Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-03T15:41:13.955Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Budibase/budibase/security/advisories/GHSA-7r9j-r86q-7g45",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Budibase/budibase/security/advisories/GHSA-7r9j-r86q-7g45"
        },
        {
          "name": "https://github.com/Budibase/budibase/pull/18236",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Budibase/budibase/pull/18236"
        },
        {
          "name": "https://github.com/Budibase/budibase/commit/5b0fe83d4ece52696b62589cba89ef50cc009732",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Budibase/budibase/commit/5b0fe83d4ece52696b62589cba89ef50cc009732"
        },
        {
          "name": "https://github.com/Budibase/budibase/releases/tag/3.33.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Budibase/budibase/releases/tag/3.33.4"
        }
      ],
      "source": {
        "advisory": "GHSA-7r9j-r86q-7g45",
        "discovery": "UNKNOWN"
      },
      "title": "Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-31818",
    "datePublished": "2026-04-03T15:41:13.955Z",
    "dateReserved": "2026-03-09T17:41:56.076Z",
    "dateUpdated": "2026-04-03T20:04:33.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-30805 (GCVE-0-2026-30805)

Vulnerability from cvelistv5 – Published: 2026-05-12 15:09 – Updated: 2026-05-12 19:35
VLAI
Title
Insecure Default Initialization in API Authentication leads to Authentication Bypass
Summary
Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1188 - Initialization of a resource with an insecure default
Assigner
Impacted products
Vendor Product Version
Pandora FMS Pandora FMS Affected: 777 , ≤ 800 (custom)
Create a notification for this product.
Date Public
2026-05-12 15:08
Credits
Pedro J. Núñez-Cacho Fuentes <tunelko@gmail.com>
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-30805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T19:35:27.702090Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T19:35:39.922Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "all"
          ],
          "product": "Pandora FMS",
          "vendor": "Pandora FMS",
          "versions": [
            {
              "lessThanOrEqual": "800",
              "status": "affected",
              "version": "777",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pedro J. N\u00fa\u00f1ez-Cacho Fuentes \u003ctunelko@gmail.com\u003e"
        }
      ],
      "datePublic": "2026-05-12T15:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800"
            }
          ],
          "value": "Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        },
        {
          "capecId": "CAPEC-59",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-59 Session Credential Falsification through Prediction"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188 Initialization of a resource with an insecure default",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T15:09:57.244Z",
        "orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
        "shortName": "PandoraFMS"
      },
      "references": [
        {
          "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Fixed in v802 and 800.2"
            }
          ],
          "value": "Fixed in v802 and 800.2"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Insecure Default Initialization in API Authentication leads to Authentication Bypass",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
    "assignerShortName": "PandoraFMS",
    "cveId": "CVE-2026-30805",
    "datePublished": "2026-05-12T15:09:57.244Z",
    "dateReserved": "2026-03-05T16:16:01.150Z",
    "dateUpdated": "2026-05-12T19:35:39.922Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28775 (GCVE-0-2026-28775)

Vulnerability from cvelistv5 – Published: 2026-03-04 07:24 – Updated: 2026-03-05 05:59
VLAI
Title
Unauthenticated RCE via SNMP Default Writable Community String
Summary
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can utilize `NET-SNMP-EXTEND-MIB` directives, abusing the fact that the system runs a vulnerable version of net-snmp pre 5.8, to execute arbitrary operating system commands with root privileges.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
Credits
Abdul Mhanni
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28775",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-04T15:25:54.309909Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-04T15:41:06.431Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SFX2100 Series SuperFlex SatelliteReceiver",
          "vendor": "International Datacasting Corporation (IDC)",
          "versions": [
            {
              "status": "affected",
              "version": "SFX2100"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Abdul Mhanni"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can utilize `NET-SNMP-EXTEND-MIB` directives, abusing the fact that the system runs a vulnerable version of net-snmp pre 5.8, to execute arbitrary operating system commands with root privileges."
            }
          ],
          "value": "An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP community string with read/write access by default. Because the SNMP agent runs as root, an unauthenticated remote attacker can utilize `NET-SNMP-EXTEND-MIB` directives, abusing the fact that the system runs a vulnerable version of net-snmp pre 5.8, to execute arbitrary operating system commands with root privileges."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Unauthenticated Remote Code Execution (RCE) as Root"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188: Insecure Default Initialization of Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T05:59:25.113Z",
        "orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
        "shortName": "Gridware"
      },
      "references": [
        {
          "url": "https://www.abdulmhsblog.com/posts/sfx2100-vulns/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated RCE via SNMP Default Writable Community String",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
    "assignerShortName": "Gridware",
    "cveId": "CVE-2026-28775",
    "datePublished": "2026-03-04T07:24:50.693Z",
    "dateReserved": "2026-03-03T09:59:08.426Z",
    "dateUpdated": "2026-03-05T05:59:25.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28205 (GCVE-0-2026-28205)

Vulnerability from cvelistv5 – Published: 2026-04-09 18:54 – Updated: 2026-04-10 18:02
VLAI
Title
Initialization of a resource with an insecure default in OpenPLC_V3
Summary
OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1188 - Initialization of a resource with an insecure default
Assigner
References
Impacted products
Vendor Product Version
OpenPLC_V3 OpenPLC_V3 Affected: All versions
Create a notification for this product.
Credits
Shriyans Sudhi (ss0x00) from Rochester Institute of Technology (RIT)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28205",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T18:02:12.757240Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T18:02:22.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenPLC_V3",
          "vendor": "OpenPLC_V3",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Shriyans Sudhi (ss0x00) from Rochester Institute of Technology (RIT)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eOpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188 Initialization of a resource with an insecure default",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-09T18:54:58.694Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Initialization of a resource with an insecure default in OpenPLC_V3",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eOpenPLC_v3 is now considered to be end of life. Users are recommended to upgrade to OpenPLC Runtime v4 (\u003ca href=\"https://github.com/autonomy-logic/openplc-runtime\" target=\"_blank\"\u003ehttps://github.com/autonomy-logic/openplc-runtime\u003c/a\u003e).\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "OpenPLC_v3 is now considered to be end of life. Users are recommended to upgrade to OpenPLC Runtime v4 ( https://github.com/autonomy-logic/openplc-runtime )."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-28205",
    "datePublished": "2026-04-09T18:54:58.694Z",
    "dateReserved": "2026-04-06T15:01:14.335Z",
    "dateUpdated": "2026-04-10T18:02:22.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27662 (GCVE-0-2026-27662)

Vulnerability from cvelistv5 – Published: 2026-05-12 08:21 – Updated: 2026-05-13 01:48
VLAI
Summary
Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performing unauthorized actions, or exploiting misconfigurations that may lead to further system compromise.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
Impacted products
Vendor Product Version
Siemens SIMATIC HMI MTP1000 Unified Comfort Panel Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1000 Unified Comfort Panel hygienic Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1000, Unified Comfort Panel neutral Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Unified Comfort Panel Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Unified Comfort Panel hygienic Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1200 Unified Comfort Panel neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Unified Comfort Panel Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Unified Comfort Panel hygienic Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1500 Unified Comfort Panel neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Unified Comfort Panel Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Unified Comfort Panel hygienic Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP1900 Unified Comfort Panel neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top) Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Unified Comfort Hygienic Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Unified Comfort Panel Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP2200 Unified Comfort Panel neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP700 Unified Comfort Panel Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIMATIC HMI MTP700, Unified Comfort Panel neutral design Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIPLUS HMI MTP1000 Unified Comfort Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIPLUS HMI MTP1200 Unified Comfort Affected: 0 , < V21 (custom)
Create a notification for this product.
Siemens SIPLUS HMI MTP700 Unified Comfort Affected: 0 , < V21 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27662",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T01:41:19.917677Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T01:48:49.217Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1000 Unified Comfort Panel",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1000 Unified Comfort Panel hygienic",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1000, Unified Comfort Panel neutral",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Unified Comfort Panel",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Unified Comfort Panel hygienic",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1200 Unified Comfort Panel neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Unified Comfort Panel",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Unified Comfort Panel hygienic",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1500 Unified Comfort Panel neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Unified Comfort Panel",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Unified Comfort Panel hygienic",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP1900 Unified Comfort Panel neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Unified Comfort Hygienic",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Unified Comfort Panel",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP2200 Unified Comfort Panel neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP700\u00a0Unified Comfort Panel",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC HMI MTP700, Unified Comfort Panel neutral design",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS HMI MTP1000 Unified Comfort",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS HMI MTP1200 Unified Comfort",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS HMI MTP700 Unified Comfort",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place.\r\nThis could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performing unauthorized actions, or exploiting misconfigurations that may lead to further system compromise."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188: Initialization of a Resource with an Insecure Default",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T08:21:13.221Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-387223.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2026-27662",
    "datePublished": "2026-05-12T08:21:13.221Z",
    "dateReserved": "2026-02-23T10:07:00.530Z",
    "dateUpdated": "2026-05-13T01:48:49.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-26122 (GCVE-0-2026-26122)

Vulnerability from cvelistv5 – Published: 2026-03-05 22:18 – Updated: 2026-06-19 18:17 Exclusively Hosted Service
VLAI
Title
Microsoft ACI Confidential Containers Information Disclosure Vulnerability
Summary
Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
References
Impacted products
Date Public
2026-03-05 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26122",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-09T20:26:58.642440Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-09T20:27:09.343Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft ACI Confidential Containers",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:microsoft_aci_confidential_containers:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-03-05T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188: Initialization of a Resource with an Insecure Default",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T18:17:56.355Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ACI Confidential Containers Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26122"
        }
      ],
      "tags": [
        "exclusively-hosted-service"
      ],
      "title": "Microsoft ACI Confidential Containers Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-26122",
    "datePublished": "2026-03-05T22:18:22.492Z",
    "dateReserved": "2026-02-11T15:52:13.911Z",
    "dateUpdated": "2026-06-19T18:17:56.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25894 (GCVE-0-2026-25894)

Vulnerability from cvelistv5 – Published: 2026-02-09 22:28 – Updated: 2026-02-11 21:25
VLAI
Title
FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
Summary
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
  • CWE-1188 - Insecure Default Initialization of Resource
Assigner
Impacted products
Vendor Product Version
frangoteam FUXA Affected: < 1.2.10
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25894",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T21:25:11.880678Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-11T21:25:17.858Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FUXA",
          "vendor": "frangoteam",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.5,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321: Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188: Insecure Default Initialization of Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T22:28:46.316Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/frangoteam/FUXA/security/advisories/GHSA-32cc-x95p-fxcg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/frangoteam/FUXA/security/advisories/GHSA-32cc-x95p-fxcg"
        },
        {
          "name": "https://github.com/frangoteam/FUXA/commit/ea7b3df066f9fdef8ecdce318398ae40546bc50d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/frangoteam/FUXA/commit/ea7b3df066f9fdef8ecdce318398ae40546bc50d"
        },
        {
          "name": "https://github.com/frangoteam/FUXA/releases/tag/v1.2.10",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/frangoteam/FUXA/releases/tag/v1.2.10"
        }
      ],
      "source": {
        "advisory": "GHSA-32cc-x95p-fxcg",
        "discovery": "UNKNOWN"
      },
      "title": "FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25894",
    "datePublished": "2026-02-09T22:28:46.316Z",
    "dateReserved": "2026-02-06T21:08:39.130Z",
    "dateUpdated": "2026-02-11T21:25:17.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25499 (GCVE-0-2026-25499)

Vulnerability from cvelistv5 – Published: 2026-02-04 20:31 – Updated: 2026-02-05 21:05
VLAI
Title
terraform-provider-proxmox has insecure sudo recommendation in the documentation
Summary
Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1188 - Insecure Default Initialization of Resource
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25499",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T21:05:26.324039Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T21:05:30.910Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-7544"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "terraform-provider-proxmox",
          "vendor": "bpg",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.93.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188: Insecure Default Initialization of Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T20:31:17.316Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-7544",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-7544"
        },
        {
          "name": "https://github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a55dd6acc01b0608be3ea49c023",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a55dd6acc01b0608be3ea49c023"
        }
      ],
      "source": {
        "advisory": "GHSA-gwch-7m8v-7544",
        "discovery": "UNKNOWN"
      },
      "title": "terraform-provider-proxmox has insecure sudo recommendation in the documentation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25499",
    "datePublished": "2026-02-04T20:31:17.316Z",
    "dateReserved": "2026-02-02T18:21:42.485Z",
    "dateUpdated": "2026-02-05T21:05:30.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24197 (GCVE-0-2026-24197)

Vulnerability from cvelistv5 – Published: 2026-05-26 17:19 – Updated: 2026-05-27 15:44
VLAI
Summary
NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
Impacted products
Vendor Product Version
NVIDIA GeForce Affected: All driver versions prior to 595.71.05
Create a notification for this product.
NVIDIA GeForce Affected: All driver versions prior to 580.159.03
Create a notification for this product.
NVIDIA GeForce Affected: All driver versions prior to 535.309.01
Create a notification for this product.
NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 595.71.05
Create a notification for this product.
NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
Create a notification for this product.
NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 535.309.01
Create a notification for this product.
NVIDIA Tesla Affected: All driver versions prior to 595.71.05
Create a notification for this product.
NVIDIA Tesla Affected: All driver versions prior to 580.159.03
Create a notification for this product.
NVIDIA Tesla Affected: All driver versions prior to 535.309.01
Create a notification for this product.
NVIDIA Virtual GPU Manager Affected: 595.58.02(All versions prior to and including vGPU 20.0)
Create a notification for this product.
NVIDIA Virtual GPU Manager Affected: 580.126.08(All versions prior to and including vGPU 19.4)
Create a notification for this product.
NVIDIA Virtual GPU Manager Affected: 595.94(All versions prior to and including vGPU 20.0)
Create a notification for this product.
NVIDIA Virtual GPU Manager Affected: 582.16(All versions prior to and including vGPU 19.4)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24197",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T18:53:48.535083Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T18:54:00.363Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 595.71.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 595.71.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R595)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 595.71.05"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R580)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 580.159.03"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux(R535)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 535.309.01"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "XenServer",
            "VMware vSphere",
            "Red Hat Enterprise Linux KVM",
            "Ubuntu(R595 vGPU 20)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.58.02(All versions prior to and including vGPU 20.0)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "XenServer",
            "VMware vSphere",
            "Red Hat Enterprise Linux KVM",
            "Ubuntu(R580 vGPU 19)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "580.126.08(All versions prior to and including vGPU 19.4)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Azure Local",
            "Windows Server(R595 vGPU 20)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "595.94(All versions prior to and including vGPU 20.0)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Azure Local",
            "Windows Server(R580 vGPU 19)"
          ],
          "product": "Virtual GPU Manager",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "582.16(All versions prior to and including vGPU 19.4)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "value": "NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188 Initialization of a Resource with an Insecure Default",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T15:44:16.401Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24197"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24197"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24197",
    "datePublished": "2026-05-26T17:19:40.408Z",
    "dateReserved": "2026-01-21T19:09:34.079Z",
    "dateUpdated": "2026-05-27T15:44:16.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24148 (GCVE-0-2026-24148)

Vulnerability from cvelistv5 – Published: 2026-03-31 16:22 – Updated: 2026-04-02 03:55
VLAI
Summary
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24148",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T03:55:59.949Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Jetson Linux(35)"
          ],
          "product": "Jetson Xavier Series and Jetson Orin Series",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 35.6.4"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Jetson Linux(36)"
          ],
          "product": "Jetson Xavier Series and Jetson Orin Series",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 36.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID."
            }
          ],
          "value": "NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Data tampering, information disclosure, denial of service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188 Initialization of a Resource with an Insecure Default",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-31T16:22:51.128Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24148"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24148"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5797"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-24148",
    "datePublished": "2026-03-31T16:22:51.128Z",
    "dateReserved": "2026-01-21T19:09:27.438Z",
    "dateUpdated": "2026-04-02T03:55:59.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

No mitigation information available for this CWE.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.