CVE-2026-1670
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.
AnalysisAI
Unauthenticated API exposure in industrial control products allows remote attackers to access critical functions without authentication.
Technical ContextAI
CWE-306 missing authentication for critical function. Unprotected API endpoints expose operational control capabilities.
Affected ProductsAI
Affected industrial control products
RemediationAI
Implement authentication on all API endpoints. Restrict network access to ICS systems.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today