
KTM System e-BOK CVE-2026-35098

EUVD: EUVD-2026-40325 · MEDIUM
Improper Restriction of Excessive Authentication Attempts (CWE-307)
2026-06-30 CERT-PL GHSA-j2ff-7q97-h87p
6.9
CVSS 4.0 · Vendor: CERT-PL

Severity by source

Vendor (CERT-PL) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Network-accessible unauthenticated login endpoint, no complexity; C:L/I:L reflects per-account data exposure on success; A:N as the portal remains available during brute-force.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (CERT-PL).

CVSS Vector (Vendor: CERT-PL)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None

Lifecycle Timeline

Patch available: Jun 30, 2026 - 15:01 (EUVD)
Analysis Generated: Jun 30, 2026 - 14:32 (vuln.today)

Description (CVE.org)

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate-limiting enables efficient brute-force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where passwords are restricted to a six-digit numeric format, this becomes a critical issue, as such passwords can be brute-forced in a relatively short time.

This issue was fixed in the patch published in June 2026.

Analysis (AI)

Unlimited brute-force attacks against KTM System e-BOK user accounts are enabled by the complete absence of login rate limiting, account lockout, or authentication throttling on the portal's login endpoint. All versions prior to the June 2026 patch are affected. The risk is materially amplified by companion vulnerability CVE-2026-35097, which constrains passwords to a six-digit numeric format, reducing the effective keyspace to 1,000,000 combinations and making full exhaustion feasible with standard tooling in minutes to hours. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Enumerate valid e-BOK username
Delivery: Script automated HTTP login requests
Exploit: Iterate six-digit numeric password space
Execution: Authenticate as victim
Impact: Access customer account data

Vulnerability Assessment (AI)

Exploitation: Network access to the e-BOK login endpoint over HTTPS is required, which is the normal deployment condition for a customer-facing web portal. …
Risk Assessment: The CVSS 4.0 score of 6.9 (Medium) with vector AV:N/AC:L/AT:N/PR:N/UI:N reflects a low-barrier attack path requiring no authentication, no complexity, and no user interaction. …
Exploit Scenario: An unauthenticated remote attacker who knows or enumerates a valid e-BOK username and scripts HTTP POST requests to the login endpoint can iterate all 1,000,000 six-digit numeric password combinations without triggering any lockout or rate-limiting response from the application. At modest request rates achievable on a standard internet connection, the full keyspace can be exhausted within minutes to hours, yielding authenticated access to the target's customer account. …
Remediation: Apply the patch published by KTM System in June 2026; the product page is at https://ktmsystem.pl/internetowe-biuro-obslugi-klienta/ and the CERT-PL advisory is at https://cert.pl/posts/2026/06/CVE-2026-35095/. …
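A compensating control of the kind the CWE-307 classification calls for, written as an added example (not KTM System's code or the June 2026 patch): a per-account sliding-window failure counter with lockout, plus a function that bounds how long exhausting the six-digit keyspace from CVE-2026-35097 would take under that policy. The thresholds, the `check_password` callback and the injectable clock are assumptions.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 15 * 60    # sliding window over which failures are counted (assumed)
MAX_FAILURES = 5            # failures per account per window before lockout (assumed)
LOCKOUT_SECONDS = 15 * 60   # lockout duration once the limit is hit (assumed)
PIN_KEYSPACE = 10 ** 6      # six-digit numeric passwords, as in CVE-2026-35097


class LoginThrottle:
    """Per-account failure counter with a sliding window and a lockout."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock                    # injectable for testing
        self.failures = defaultdict(deque)    # user -> timestamps of recent failures
        self.locked_until = {}                # user -> time the lockout expires

    def is_locked(self, user):
        return self.locked_until.get(user, 0) > self.clock()

    def record_failure(self, user):
        now = self.clock()
        q = self.failures[user]
        while q and now - q[0] > WINDOW_SECONDS:   # drop failures outside the window
            q.popleft()
        q.append(now)
        if len(q) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS

    def record_success(self, user):
        self.failures.pop(user, None)
        self.locked_until.pop(user, None)


def attempt_login(throttle, user, password, check_password):
    """Return 'locked', 'ok' or 'fail'. The lock check runs before the credential
    check so a locked account cannot be probed even with the correct password."""
    if throttle.is_locked(user):
        return "locked"
    if check_password(user, password):
        throttle.record_success(user)
        return "ok"
    throttle.record_failure(user)
    return "fail"


def worst_case_exhaust_hours(keyspace=PIN_KEYSPACE):
    """At most MAX_FAILURES guesses per LOCKOUT_SECONDS, so trying every password
    in the keyspace takes at least this many hours (about 50,000 for 10**6)."""
    periods = -(-keyspace // MAX_FAILURES)   # ceiling division
    return periods * LOCKOUT_SECONDS / 3600
```

Locking by account alone lets a third party lock a victim out, so in practice pair it with per-source throttling or backoff and alert on the failure counter; the policy here also does nothing about the six-digit keyspace itself, which CVE-2026-35097 addresses separately.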



CVE-2026-35098 vulnerability details – vuln.today
