Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by Avation
CVE-2026-1341 (GCVE-0-2026-1341)
Vulnerability from cvelistv5 – Published: 2026-02-03 21:26 – Updated: 2026-06-04 20:10
VLAI
Title
Missing Authentication for Critical Function in Avation Light Engine Pro
Summary
Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avation | Avation Light Engine Pro |
Affected:
All
|
Date Public
2026-02-03 17:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:46:08.187019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:47:32.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Avation Light Engine Pro",
"vendor": "Avation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Souvik Kandar reported this vulnerability to CISA"
}
],
"datePublic": "2026-02-03T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eAvation Light Engine Pro exposes its configuration and control interface without any authentication or access control.\u003c/span\u003e"
}
],
"value": "Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T20:10:46.950Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-034-02.json"
},
{
"url": "https://avation.co.nz/contact-us/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eAvation has not responded to CISA\u0027s request to coordinate. Users of Avation Light Engine Pro are encouraged to contact Avation for more information.\u003cbr\u003e\u003c/span\u003ehttps://avation.co.nz/contact-us/"
}
],
"value": "Avation has not responded to CISA\u0027s request to coordinate. Users of Avation Light Engine Pro are encouraged to contact Avation for more information.\nhttps://avation.co.nz/contact-us/"
}
],
"source": {
"advisory": "ICSA-26-034-02",
"discovery": "EXTERNAL"
},
"title": "Missing Authentication for Critical Function in Avation Light Engine Pro",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-1341",
"datePublished": "2026-02-03T21:26:41.708Z",
"dateReserved": "2026-01-22T15:06:19.135Z",
"dateUpdated": "2026-06-04T20:10:46.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}