Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by Data Recognition Corporation
CVE-2026-5756 (GCVE-0-2026-5756)
Vulnerability from cvelistv5 – Published: 2026-04-14 17:51 – Updated: 2026-04-23 13:33
VLAI
Title
Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS)
Summary
Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Data Recognition Corporation | Central Office Services - Content Hosting Component |
Affected:
975
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T11:55:49.509703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T12:05:46.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-23T13:33:37.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/748485"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Central Office Services - Content Hosting Component",
"vendor": "Data Recognition Corporation",
"versions": [
{
"status": "affected",
"version": "975"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server\u0027s configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T17:51:53.628Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.datarecognitioncorp.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS)",
"x_generator": {
"engine": "VINCE 3.0.35",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5756"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-5756",
"datePublished": "2026-04-14T17:51:53.628Z",
"dateReserved": "2026-04-07T16:42:45.597Z",
"dateUpdated": "2026-04-23T13:33:37.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}