
KTM System e-BOK CVE-2026-35097

EUVD: EUVD-2026-40324 · MEDIUM
Weak Password Requirements (CWE-521)
2026-06-30 · CERT-PL · GHSA-fv8h-9jrm-xcpc
6.9 (CVSS 4.0) · Vendor: CERT-PL

Severity by source

Vendor (CERT-PL), primary source: 6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI: 6.5 MEDIUM

Network-reachable login endpoint, no privileges needed to brute-force; limited C/I impact on account compromise; no availability impact confirmed by description.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (CERT-PL).

CVSS Vector (Vendor: CERT-PL)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline

Patch available
Jun 30, 2026 - 15:01 EUVD
Analysis Generated
Jun 30, 2026 - 14:32 vuln.today

Description (source: CVE.org)

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters.

This issue was fixed in the patch published in June 2026.

Analysis (AI-generated)

KTM System e-BOK enforces a system-wide password policy that restricts all user credentials to exactly six numeric digits, prohibiting alphabetic, special, or extended characters and producing a maximum keyspace of only 1,000,000 possible values (10^6). This CWE-521 (Weak Password Requirements) flaw enables remote unauthenticated brute-force attacks against any customer account, as confirmed by the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N). …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify valid e-BOK account identifiers
Delivery: Automate HTTP authentication requests
Exploit: Iterate 6-digit numeric keyspace
Execution: Authenticate as victim customer
Impact: Access or modify customer account data

Vulnerability Assessment (AI-generated)

Exploitation: No special or non-default configuration is required - the weak password policy is enforced system-wide for all e-BOK accounts by default, as described. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 4.0 base score of 6.9 (Medium) with vector AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L reflects a fully network-accessible, unauthenticated attack with partial impacts across confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An unauthenticated remote attacker identifies valid e-BOK customer account identifiers through the application's login interface (e.g., via enumeration or publicly known customer ID formats), then uses an automated HTTP request tool to iterate through the 10^6 possible 6-digit PINs - prioritizing common patterns such as birth years, repeated digits, and sequential values. With no character complexity to navigate and a bounded keyspace, account compromise requires no specialized exploit code and can succeed within minutes to hours depending on rate limiting in place.

Remediation: Apply the KTM System e-BOK patch published in June 2026, available through the vendor at https://ktmsystem.pl/internetowe-biuro-obslugi-klienta/. … Detailed patch versions, workarounds, and compensating controls in full report.
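As an added, constructed illustration of the contrast the Analysis and Remediation sections draw (this is not the vendor's code, nor anything from vuln.today): a password-policy checker that models the six-digit numeric rule described in the advisory beside a hardened policy, and computes the keyspace each policy guarantees. The policy dictionaries, the hardened thresholds and the "exactly six digits" minimum are assumptions for illustration.

```python
import math
import string

# Constructed policies. WEAK_POLICY models the rule the advisory describes
# (digits only, at most six characters; the analysis text says exactly six,
# so min_len is assumed to be 6 as well). HARDENED_POLICY is an assumed
# replacement, not the vendor's actual post-patch configuration.
WEAK_POLICY = {"min_len": 6, "max_len": 6, "classes": {"digits": string.digits}}
HARDENED_POLICY = {
    "min_len": 12,
    "max_len": 128,
    "classes": {
        "digits": string.digits,
        "lower": string.ascii_lowercase,
        "upper": string.ascii_uppercase,
        "symbols": string.punctuation,
    },
}


def allowed_alphabet(policy):
    """All characters a policy accepts, concatenated."""
    return "".join(policy["classes"].values())


def validate(policy, password):
    """Return None if the password satisfies the policy, else a reason string."""
    n = len(password)
    if n < policy["min_len"]:
        return f"too short (min {policy['min_len']})"
    if n > policy["max_len"]:
        return f"too long (max {policy['max_len']})"
    alphabet = set(allowed_alphabet(policy))
    bad = sorted({c for c in password if c not in alphabet})
    if bad:
        return f"disallowed characters: {''.join(bad)}"
    return None


def max_keyspace(policy):
    """Largest number of distinct passwords the policy can ever allow."""
    return len(allowed_alphabet(policy)) ** policy["max_len"]


def min_keyspace(policy):
    """Smallest keyspace an attacker is guaranteed to face (shortest legal password)."""
    return len(allowed_alphabet(policy)) ** policy["min_len"]


def keyspace_bits(policy):
    """Guaranteed keyspace expressed as bits of search effort (log2 of min_keyspace)."""
    return math.log2(min_keyspace(policy))
```

For the modelled e-BOK policy `max_keyspace` is exactly 10^6, the figure given in the analysis, and the guaranteed search effort is under 20 bits; the hardened policy's 94-character alphabet at 12 characters gives roughly 79 bits.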


