Skip to main content

CVE-2026-1495

MEDIUM
Insertion of Sensitive Information into Log File (CWE-532)
2026-02-10 ics-cert@hq.dhs.gov
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 10, 2026 - 21:16 nvd
MEDIUM 6.5

DescriptionCVE.org

The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.

AnalysisAI

Unprivileged users with Event Log Reader privileges can extract proxy server credentials and URLs from PI to CONNECT event logs, potentially enabling unauthorized proxy access. This local information disclosure affects systems where such log access is granted to low-privileged accounts. No patch is currently available.

Technical ContextAI

Classified as CWE-532 (Insertion of Sensitive Information into Log File). The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.

Affected ProductsAI

The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and pr

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-1495 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy