CVE-2026-1364
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities.
AnalysisAI
IAQS and I6 by JNC have a missing authentication vulnerability allowing unauthenticated remote attackers to directly access sensitive system functionality.
Technical ContextAI
Combined with CVE-2026-1363 (client-side enforcement), this CWE-306 missing authentication means the JNC systems have neither client-side nor server-side authentication on critical endpoints.
Affected ProductsAI
JNC IAQS JNC I6
RemediationAI
Implement proper server-side authentication immediately. Both CVE-2026-1363 and CVE-2026-1364 must be addressed together.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today