Security Center
CVE-2026-2698
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
AnalysisAI
Security Center's access control implementation fails to properly restrict authenticated users to their authorized scope, allowing privilege escalation to view sensitive data. An attacker with valid credentials can bypass authorization checks to access confidential information outside their assigned permissions. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-639 (Authorization Bypass Through User-Controlled Key). Affects Security Center. An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Security Center
View allSQL Injection in the Hardware Inventory report of Security Center 5.11.2. Rated high severity (CVSS 8.8), this vulnerabi
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Se
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker co
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Secu
Authenticated users of Security Center can manipulate the 'owner' parameter to gain unauthorized elevated privileges thr
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today