CVE-2026-24032

EUVD-2026-22233 | MEDIUM | 6.9 (CVSS 4.0)
2026-04-14 | siemens | GHSA-7f3f-wq83-6q76

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Severity Changed: HIGH → MEDIUM (Apr 14, 2026 - 09:22, NVD)
CVSS Changed: 7.3 (HIGH) → 6.9 (MEDIUM) (Apr 14, 2026 - 09:22, NVD)
Analysis Generated (Apr 14, 2026 - 09:11, vuln.today)

Description (NVD)

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. (ZDI-CAN-27564)

Analysis (AI)

Authentication bypass in Siemens SINEC NMS versions prior to V4.0 SP3 with UMC allows unauthenticated remote attackers to gain unauthorized access due to insufficient user identity validation in the UMC component (CWE-347: Improper Verification of Cryptographic Signature). The vulnerability is exploitable over the network with low attack complexity and no user interaction (CVSS 7.3, AV:N/AC:L/PR:N/UI:N), with partial impact on confidentiality, integrity, and availability. …


Remediation (AI)

Within 24 hours: Identify and document all Siemens SINEC NMS installations with versions prior to V4.0 SP3, particularly those with UMC enabled and internet-facing access. Within 7 days: Implement network segmentation to restrict remote access to SINEC NMS systems to authorized management networks only; deploy enhanced monitoring on SINEC NMS authentication logs for anomalous access patterns. …
