2026-07-17
Privilege escalation in OpenClaw's isolated cron job feature (versions 2026.6.1 through 2026.6.8) lets a lower-trust authenticated caller reclaim execution tools that authorization policy had explicitly denied, enabling actions and persistence beyond their intended trust level. The flaw is an incorrect-authorization (CWE-863) issue rooted in misconfigured input path handling within the cron subsystem, and carries a CVSS 4.0 score of 7.7. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Authorization bypass in OpenClaw's ClickClack agent-mode dispatch (versions 2026.5.10-beta.1 through 2026.6.4) allows a lower-trust caller to invoke actions that should be blocked by the toolsAllow policy, because that policy check can be skipped during dispatch. With CVSS PR:L, an already low-privileged authenticated caller (or an attacker-controlled input path) can escalate the scope of actions when the agent-mode feature is enabled and reachable. No public exploit identified at time of analysis; the issue was reported by VulnCheck and fixed in 2026.6.5.
Sensitive information exposure in the LearnPress LMS plugin for WordPress (versions up to and including 4.4.1) lets unauthenticated attackers pull correct-answer markers, complete option lists, explanations, and full question content for any quiz on the site through the check_answer logic in its frontend REST API. This exposes graded assessment material for paid courses the attacker never enrolled in or paid for, defeating the plugin's course-access model. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the network-facing, no-authentication nature makes it trivially reproducible against affected sites.
Sensitive file disclosure in the Wazuh Manager (versions 4.0.0-4.10.3 and 4.11.0-4.14.4) allows a malicious enrolling agent to exfiltrate manager secrets by abusing the group parameter during enrollment. The authd enrollment daemon fails to filter path traversal ("..") sequences in the agent-selected group name, so remoted later builds shared-configuration paths that reach /var/ossec/etc and stream files such as client.keys, ossec.conf, and internal certificates to the attacker-controlled agent. There is no public exploit identified at time of analysis, but the network-reachable, unauthenticated CVSS 7.5 profile makes this a meaningful confidentiality risk for exposed manager enrollment services.
Authentication bypass in Vimesoft Enterprise Video Platform (versions 3.11.0.0 up to but not including 3.25.0) allows remote unauthenticated attackers to reach a critical function that lacks any authentication check, exposing confidential data. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, C:H) indicates trivial network exploitation with high confidentiality impact but no integrity or availability effect. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was reported by Turkey's national CERT (TR-CERT / USOM).
Session hijacking in SEPPmail Secure Email Gateway and SEPPmail Cloud before 15.0.4.2 lets an attacker who can observe traffic replay a victim's GINA web portal session because the session token is exposed both in the URL and in an HTTP header. Because the token travels in the request URL, it can leak into proxy logs, browser history, and Referer headers, enabling account takeover of the secure-message portal. There is no public exploit identified at time of analysis and the CVSS 4.0 exploit-maturity metric is 'Unproven' (E:U); the vendor CVSS 4.0 base score is 7.5.
Sensitive information disclosure in iKAS Technology Inc.'s E-Commerce platform (all versions through build 03062026) allows remote unauthenticated attackers to retrieve embedded sensitive data returned in server responses. Classified under CWE-201, the flaw causes confidential data to be inserted into data sent to clients, exposing it without authentication or user interaction. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Turkey's national CSIRT (TR-CERT/USOM).
Sensitive information disclosure in Proliz Software's OBS (a student information management system) affects all versions before v3.6.0, allowing remote unauthenticated attackers to reach functionality that is not properly restricted by access-control lists (CWE-201) and retrieve confidential data. The CVSS 7.5 vector (AV:N/AC:L/PR:N/UI:N, C:H only) confirms network-reachable, no-privilege access with high confidentiality impact but no integrity or availability effect. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Sensitive file and internal resource disclosure in Netcad Software NetGIS (versions 5.0.66 up to but not including 7.2.2) arises from an XML External Entity (XXE) flaw where the application resolves external entity references in serialized/XML data submitted by clients. Remote attackers can craft malicious XML payloads to read local files, exfiltrate data, or reach internal network resources on the server. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Turkey's national CERT (TR-CERT/USOM).
Remote denial of service in the h2o HTTP server (all versions prior to commit 9265bdd) allows unauthenticated attackers to exhaust server memory by combining HPACK header-decompression amplification with Slowloris-style HTTP/2 stream stalling. By opening many streams that stall mid-request, an attacker forces the server to retain large volumes of amplified decoded header state, degrading or crashing the service. There is no public exploit identified at time of analysis, and the CVSS 7.5 (A:H only) reflects an availability-only impact with no confidentiality or integrity effect.
Denial of service in Wazuh's analysis engine (wazuh-analysisd) lets an unauthenticated remote attacker permanently halt SIEM alert processing on Wazuh manager versions 1.0.0 through 4.14.4. Because the official wazuh/wazuh-docker deployment ships with password-less agent enrollment enabled by default, an attacker can register as an agent and send a crafted rootcheck event that overflows a fixed 30-byte heap buffer, crashing the daemon while the dashboard and API keep showing stale data - silently blinding the SIEM. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Stored cross-site scripting in the Kali Forms - Contact Form & Drag-and-Drop Builder plugin for WordPress (all versions through 2.4.18) lets fully unauthenticated attackers persist arbitrary JavaScript through the form's 'digitalSignature' field value, which is neither sanitized on input nor escaped on output. Because the form-submission nonce is exposed on any page rendering the form shortcode, the normal anti-CSRF barrier provides no protection, and the injected script executes in the browser of any user (including administrators) who later views the affected page. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a practical scan-and-spray candidate.
SQL injection in OpenRemote's datapoint crosstab export endpoint (all versions before 1.26.0) lets an authenticated user with asset creation or rename permissions exfiltrate database contents by embedding SQL into an asset display name that is concatenated into a raw PostgreSQL crosstab query. Injected SELECT results are streamed back inside the ZIP/CSV export response, giving a practical read primitive against any table the manager's database role can reach - including other tenants' data in multi-tenant deployments. Publicly available exploit code exists (VulnCheck/GHSA proof of concept); no active exploitation has been reported.
Session hijacking in Proxmox Virtual Environment (PVE 9.x/8.4.x) lets an authenticated user with rights to call the "vncproxy" API race the parallel "vncwebsocket" call and seize a VNC console session that a different user legitimately opened for a different VM. The flaw (CWE-362, CVSS 7.2) grants full interactive console access to another tenant's virtual machine, breaking isolation between users. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Cross-origin data exposure in the Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 stems from a hardcoded 'Access-Control-Allow-Origin: *' header returned on every response, including authenticated endpoints and preflight (OPTIONS) responses. Because the plugin authenticates via the Authorization and X-API-Token request headers rather than cookies, any malicious website scripting a leaked access token can read the response bodies of authenticated endpoints and perform write actions as that token's user. Reported by VulnCheck with no public exploit identified at time of analysis; not listed in CISA KEV.
Insecure direct object reference in Chat2DB before 5.3.0 lets any authenticated non-admin user read the decrypted database credentials of datasources belonging to other users by enumerating IDs against GET /api/connection/datasource/{id}. Because the handler returns the plaintext password field and omits an ownership check, a single low-privileged account can harvest every other tenant's stored connection secrets. No public exploit has been identified at time of analysis, but exploitation is trivial and the EPSS/KEV signals were not supplied in the input.
Arbitrary file read in Sangoma Switchvox SMB Edition 8.3 (build 104997) allows an authenticated user to disclose sensitive files anywhere on the appliance filesystem. The play_file functionality trusts the user-controlled sound_path parameter and fails to validate paths, so supplying an absolute path escapes the intended sound directory. No public exploit code is identified, but a detailed technical write-up from the reporting researchers (SRA) exists, and the flaw is not listed in CISA KEV.
Unauthorized ticket data disclosure in osTicket v1.18.3 and v1.17.7 allows an authenticated low-privilege user to access tickets belonging to other users by manipulating object identifiers in the AJAX ticket-management endpoints. The flaw stems from missing per-object authorization checks (BOLA/IDOR) rather than a coding error in the request handler. It was reported by Fluid Attacks and fixed in v1.18.4/v1.17.8; no public exploit code is identified at time of analysis, though a Medium write-up and vendor advisory describe the issue.
Broken object-level authorization in the Hashtopolis server web-interface chunk activity component lets any authenticated low-privilege account read all cracked hashes across the entire server, regardless of access-group membership. Affecting all versions prior to 0.14.8, the flaw exposes recovered plaintext credentials - the core sensitive output of the platform - to users who should only see their own group's data. No public exploit is identified at time of analysis, but the vendor confirmed the issue and shipped a fix in v0.14.8.
Untrusted plugin loading in OpenClaw before 2026.5.22 lets an attacker with lower-trust caller access, or control over configured input paths, get malicious workspace plugins loaded through the setup-mode discovery process, executing or persisting actions above their intended authorization level. Exploitation is local and requires active user interaction plus a specific attack precondition (CVSS 4.0 base 7.1), and there is no public exploit identified at time of analysis. The root cause is inclusion of functionality from an untrusted control sphere (CWE-829) during setup-mode plugin discovery.
Stored cross-site scripting in Sangoma Switchvox SMB Edition 8.3 (build 104997) lets an authenticated user inject persistent JavaScript through the voicemail notification template feature, which then executes in the browsers of other users who view the affected template. The payload is submitted via the template_text parameter to the submit_modify_voicemail_template endpoint, which fails to sanitize HTML. No public exploit identified at time of analysis, though the flaw was disclosed with a technical writeup by researchers at SRA; it is not listed in CISA KEV.
Improper Access Control in TXOne Networks' Removable Media Validation function allows a local administrator to bypass the file lockdown mechanism enforced by SafePortAgent (before 3.2.5024) and StellarProtect (3.2.4011 through before 5.0.1083), enabling unauthorized file transfer to a protected device via specially prepared removable media. The attack requires pre-positioning unauthorized files on the removable media before insertion, making this a deliberate, multi-step insider or supply-chain adjacent threat rather than opportunistic exploitation. No public exploit code or active exploitation has been identified at time of analysis; the vendor self-reported this issue through their PSIRT.
Sensitive information exposure in the pCloud WP Backup WordPress plugin (all versions up to and including 2.0.3) allows subscriber-level authenticated users to trigger full-site backup archive generation via the unprotected `wp2pcl_ajax_process_request_inner` AJAX endpoint. The resulting archive is deposited in the plugin's publicly web-accessible `tmp/` directory at a predictable URL, exposing `wp-config.php` database credentials, WordPress authentication secret salts, and the complete PHP source tree to unauthenticated HTTP retrieval by any internet visitor. No public exploit code has been identified at time of analysis, but the two-phase attack path (low-privilege trigger followed by unauthenticated exfiltration) makes this significantly more impactful than the 6.5 CVSS score suggests, as successful exploitation provides the material for full database access and authentication session forgery.
Out-of-bounds memory read in YAML::Syck's bundled libsyck C library for Perl exposes any application calling Load() or LoadFile() on untrusted YAML to a one-byte heap over-read. The root flaw (CVE-2025-11683) resided in the libsyck block-scalar lexer's newline scanning logic; the patch issued for that CVE was incomplete, leaving a second lexer path uncovered - subsequently disclosed as CVE-2026-57077. Both are resolved in YAML-Syck 1.47 (released July 13, 2026). No public exploit has been identified and the vulnerability is not listed in the CISA KEV catalog.
Authorization bypass in GisLab Laboratory Management System (versions 1.4.03 through 08072026) allows an authenticated low-privileged user to access confidential data belonging to other users by manipulating user-controlled identifier keys in requests. The flaw (CWE-639, IDOR class) exposes high-confidentiality data without requiring elevated privileges or user interaction, over the network. No public exploit or CISA KEV listing has been identified at time of analysis; the vulnerability was disclosed by Turkey's national CERT (TR-CERT) via advisory TR-26-0573.
Improper null checking in Mattermost Desktop App versions ≤6.2, 5.5.13, and 6.0.2.0 enables any authenticated channel member to crash the Desktop App of all other members in the same channel by posting a crafted link containing an embedded image served without expected HTTP headers. The crash is client-side and can be made persistent if the malicious message remains in the channel, forcing repeated crashes each time an affected client reconnects. No public exploit has been identified at time of analysis, but the low-privilege attack vector and trivial reproduction make this a realistic insider or compromised-account threat in collaborative environments.
Mattermost Desktop App across the 5.x and 6.x release branches can be crashed by a malicious server operator through unvalidated inter-process payloads sent from the Mattermost Web App to the Desktop App. The root cause is the absence of payload validation in the Web-to-Desktop communication channel, enabling a server owner to send a malformed method payload that causes uncontrolled processing and application termination on the connected client. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog; however, the network-accessible path and low-complexity exploitation make this a credible denial-of-service threat for organizations running self-hosted Mattermost deployments with untrusted or compromised server administrators.
DLL hijacking in HCL Traveler for Microsoft Outlook (HTMO) permits a local, high-privileged attacker to replace or plant a malicious DLL in a directory searched by the application at load time, enabling arbitrary code execution within the HTMO process context. The CVSS vector (AV:L/AC:L/PR:H/UI:R) confirms the attack is constrained to local access with elevated privileges and requires a user to trigger application load, substantially limiting real-world exploitability despite the full C/I/A:H impact ratings. No public exploit code and no CISA KEV listing have been identified at time of analysis.
Memory exhaustion denial-of-service in Wazuh's cluster protocol parser affects all deployments running versions 3.9.0 through 4.14.4. The cluster service reads an attacker-supplied payload length from an incoming message header and allocates memory of that size before performing any authentication or decryption, enabling unauthenticated adjacent-network attackers to exhaust system memory and crash the cluster service. No public exploit or CISA KEV listing exists at time of analysis; vendor-released patch 4.14.5 is available.
Remote denial-of-service and potential heap corruption in the Wazuh manager's wazuh-remoted daemon allows any enrolled agent to crash the manager's agent-communication process, instantly severing all agent connections across the entire deployment. Affected versions span 3.0.0 through 4.14.4; a secondary code path triggered by the same underflow may permit heap memory write primitives beyond pure DoS. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the low exploitation barrier - any enrolled agent suffices - makes it a meaningful insider or supply-chain risk for Wazuh-dependent SOC environments.
Incorrect access control in the Proxmox Virtual Environment qemu-server component exposes hashed passwords to authenticated low-privilege users via the cloudinit/dump API endpoint. Affects PVE 8.x before 8.4.8 and 9.x before 9.1.8. An attacker with minimal PVE credentials can retrieve cloud-init password hashes for VMs, enabling offline cracking and potential lateral movement into guest systems. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.
Stored cross-site scripting in the Smart Custom Fields WordPress plugin (versions up to and including 5.0.7) enables authenticated attackers holding at minimum Author-level access to persist malicious JavaScript payloads by supplying unsanitized content in uploaded image attachment titles. Any site visitor who subsequently loads an affected page triggers execution of the injected script within their browser, enabling session hijacking, credential harvesting, or unauthorized actions on behalf of that user. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis; however, the vulnerability is partially unresolved even in the stated boundary version 5.0.7, making the precise remediation target unclear without consulting the referenced patch changesets.
Stored Cross-Site Scripting in the ChatHelp plugin for WordPress (versions through 3.5.1) allows authenticated attackers with contributor-level access to inject persistent malicious scripts via the 'number' and 'group' shortcode attributes, which execute in victims' browsers on page load. The vulnerability stems from insufficient input sanitization and output escaping in the shortcode rendering layer, identified across multiple source files in CustomButtonsTemplates.php and CustomShortcode.php. No public exploit code has been identified at time of analysis, and the plugin is not listed in CISA KEV; however, Wordfence has published a threat intelligence entry and a patch changeset exists in the WordPress plugin repository.
Stored Cross-Site Scripting in the Ninja Forms Excel Export WordPress plugin (versions ≤ 3.3.6) allows authenticated attackers with subscriber-level access to inject persistent malicious scripts into the admin Excel Export screen. The dual root cause is a missing capability check and nonce verification in the save_filter() AJAX handler - enabling any authenticated user to write arbitrary filter data to WordPress options - combined with unescaped concatenation of that data into HTML attributes in get_filter_row(). When administrative users subsequently visit the Excel Export admin page, the stored payload executes in their browser, enabling session hijack, credential theft, or further privilege escalation. No public exploit code or CISA KEV listing has been identified at time of analysis.
WebSocket authentication rate limit bypass in OpenClaw versions 2026.2.25 through pre-2026.5.26 enables lower-trust callers or configured non-browser input paths to flood authentication attempts without being throttled at the gateway layer. The impact is limited to availability - an attacker can consume gateway connection and compute resources, degrading service for legitimate users. No public exploit has been identified at time of analysis and OpenClaw does not appear in the CISA KEV catalog.
Reflected Cross-Site Scripting in the WooCommerce PlacetoPay Gateway family of plugins (all regional Evertec variants) allows unauthenticated network-based attackers to inject and execute arbitrary JavaScript in victims' browsers by abusing the unsanitized 'redirect-url' parameter - confirmed in versions up to and including 3.2.2 across at least six regional plugin variants (Colombia, Ecuador, Honduras, Uruguay, Belice, and base). Exploitation requires the attacker to socially engineer a victim into clicking a crafted link; no patch version has been identified in the available data, as the most recent release (3.2.2, dated 2026-04-22) addresses only a tax-validation issue and not this XSS. No public exploit code or CISA KEV listing identified at time of analysis.
Reflected Cross-Site Scripting in the WP Hotel Booking WordPress plugin (ThimPress) through version 2.3.2 enables unauthenticated network attackers to inject arbitrary JavaScript into hotel booking archive pages via the unsanitized `check_in_date` parameter. When a victim clicks a crafted URL, the payload executes in their browser under the WordPress site's origin — enabling session hijacking, credential theft, or unauthorized actions on behalf of the victim, including against administrator accounts. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; however, the CVSS scope-change metric (S:C) elevates the base score to 6.1 by reflecting cross-context browser impact.
Missing authorization in mosaxiv clawlet up to version 0.2.10 allows low-privileged remote attackers to list and remove cron jobs through the cron Chat Tool component without proper permission checks. The affected functions are list and remove in tools/tool_cron.go, enabling unauthorized enumeration and deletion of scheduled tasks. A public exploit exists via the project's GitHub issue tracker; the maintainer closed the report as 'not planned,' meaning no vendor patch is forthcoming.
Missing authentication on the executor_manager control-plane API in poco-ai/poco-claw through version 0.5.4 allows adjacent-network attackers to invoke the `create_task` endpoint without any credentials, enabling unauthorized task submission to the AI agent execution engine. The CVSS 4.0 vector (AV:A) confirms exploitation requires adjacency to the internal network segment hosting the executor manager service - it is not directly internet-exploitable. Public exploit code has been disclosed via GitHub issues #136/#137 and PR #135; no CISA KEV listing exists at time of analysis.
SQL injection in itsourcecode Hospital Management System 1.0 allows authenticated remote attackers to manipulate database queries via the `delid` parameter of `/prescriptionorderdetail.php`. An authenticated low-privilege user can extract, alter, or delete sensitive patient and prescription records stored in the backend database. A public exploit proof-of-concept is available on GitHub (E:P per CVSS 4.0), lowering the barrier to exploitation; however, no CISA KEV listing has been identified, and the overall impact is bounded to low-level confidentiality, integrity, and availability effects.
Cross-site scripting in Proxmox Virtual Environment (PVE) 8.x and 9.x allows an unauthenticated remote attacker to inject and execute arbitrary JavaScript in the browser of an authenticated PVE user who interacts with a crafted payload. The CVSS scope change (S:C) confirms the injected script executes outside the originating component's security context, enabling session hijacking, credential theft, or unauthorized management actions against the hypervisor web UI. SSVC classifies exploitation status as none with no automation possible, and no active exploitation or public exploit code has been identified at time of analysis.
ReDoS in Grav CMS's Twig sandbox allows an authenticated page editor to crash the web server process via a catastrophically backtracking PCRE pattern supplied to the `regex_replace` filter. Affected versions are all Grav releases prior to 2.0.4. Exploitation requires a non-default configuration (`security.twig_content.process_enabled: true`) and at least page-editor-level authentication, limiting blast radius to deployments that have deliberately unlocked Twig processing in page content. No public exploit code or CISA KEV listing has been identified at time of analysis.
Missing authorization in OpenClaw's Discord moderation action handling allows a low-privilege caller to perform moderation operations - such as banning, kicking, or muting users - that should require elevated permissions. All OpenClaw versions prior to 2026.6.9 are affected per the vendor's GitHub security advisory (GHSA-f6p7-6326-vf7v), reported by VulnCheck. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the CVSS 4.0 integrity impact is rated High, reflecting meaningful abuse potential where a lower-trust actor gains outsized moderation authority over a Discord community.
Authorization bypass in OpenClaw's hooks `allowedAgentIds` validation allows a lower-trust authenticated caller to circumvent agent ID restrictions by submitting blank agent IDs, effectively elevating privileges to perform actions gated behind stronger policy controls. Affected versions span OpenClaw 2026.2.12 through versions prior to 2026.5.26, with the flaw traceable to improper input validation of the agent identifier field during hook processing. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, though the high integrity impact (VI:H per CVSS 4.0) signals meaningful risk to deployments that rely on agent-scoped authorization boundaries.
Bot token and credential exposure in OpenClaw Bot Framework (versions before 2026.5.28) enables low-privilege authenticated callers to exfiltrate sensitive authentication data by supplying crafted serviceUrl values that circumvent trusted boundary validation. The flaw resides in the Microsoft Teams integration component (openclaw:msteams) and allows attackers to redirect credential-bearing requests to attacker-controlled endpoints, compromising bot tokens and downstream authentication secrets. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; however, the CVSS 4.0 score of 6.0 reflects high confidentiality impact contingent on a specific attack prerequisite (AT:P) and low-privilege access.
Token leakage in OpenClaw's MS Teams integration (versions before 2026.5.27) allows lower-trust authenticated callers to retrieve Bot Framework tokens that should remain within the application's trusted boundary. Attackers exploit access to configured input paths involved in outbound MS Teams requests to harvest bearer tokens, which can then be used to authenticate to downstream Microsoft Bot Framework or Teams services as the compromised bot identity. No public exploit code exists and this vulnerability is not listed in CISA KEV, but the high confidentiality impact (VC:H) and credential theft potential make patching a priority for any organization running this integration.
Denial of service in OpenClaw gateway via slow-read attacks against remote media URL processing affects all versions before 2026.6.1. Attackers with access to configured input paths can supply crafted remote media URLs that hold gateway worker connections open indefinitely, gradually exhausting the worker pool and degrading availability for legitimate requests. No active exploitation has been confirmed (not listed in CISA KEV) and no public POC has been identified at time of analysis, but the network-reachable vector and high availability impact make this a meaningful operational risk for exposed deployments.
Authorization header leakage in OpenClaw before 2026.6.5 exposes credentials to unintended servers during MCP SSE redirect handling, allowing an authenticated lower-trust caller to gain access to resources beyond their intended authorization scope. The vulnerability affects deployments where the MCP SSE redirect feature is enabled and reachable by lower-trust input paths, with practical impact varying by operator configuration. Vendor-released patch 2026.6.5 is available; no public exploit code or active exploitation has been identified at time of analysis.
Missing authorization controls in OpenClaw's MS Teams message actions feature permit a low-privilege authenticated caller to invoke operations that should require elevated permissions or policy checks, resulting in high integrity impact (VI:H per the CVSS 4.0 vector) on affected deployments. The flaw spans versions 2026.4.12-beta.1 through 2026.6.5, and practical severity is configuration-dependent - exploitation is gated on the MS Teams feature being enabled and reachable. No public exploit code exists and the vulnerability is not in the CISA KEV catalog; the vendor confirmed and patched the issue in 2026.6.6.
Missing firmware integrity verification in ABB KNX Update Tool versions through 2.0.175 allows an adjacent network attacker with low-privilege access to inject tampered updates onto KNX building automation devices, leading to high integrity and availability impact. The vulnerability (CWE-353) means the tool accepts update packages without cryptographic validation, enabling a man-in-the-middle or rogue-update attack on the KNX bus segment. No public exploit code or CISA KEV listing has been identified at time of analysis, and active exploitation has not been confirmed.