Skip to main content

TXOne StellarProtect CVE-2026-41993

| EUVDEUVD-2026-45138 MEDIUM
2026-07-17 TXOne GHSA-29w9-32wg-pfh2
6.7
CVSS 4.0 · Vendor: TXOne
Share

Severity by source

Vendor (TXOne) PRIMARY
6.7 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.4 MEDIUM

Local access and administrator privileges required to interact with removable media validation; no confidentiality or availability impact from unauthorized file write.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (TXOne).

CVSS VectorVendor: TXOne

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 17, 2026 - 06:47 EUVD
CVSS changed
Jul 17, 2026 - 05:22 NVD
4.4 (MEDIUM) 6.7 (MEDIUM)
Analysis Generated
Jul 17, 2026 - 05:18 vuln.today

DescriptionCVE.org

Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy unauthorized file on the removable media in advance. This issue affects SafePortAgent: before 3.2.5024; StellarProtect: from 3.2.4011 before 5.0.1083.

AnalysisAI

Improper Access Control in TXOne Networks' Removable Media Validation function allows a local administrator to bypass the file lockdown mechanism enforced by SafePortAgent (before 3.2.5024) and StellarProtect (3.2.4011 through before 5.0.1083), enabling unauthorized file transfer to a protected device via specially prepared removable media. The attack requires pre-positioning unauthorized files on the removable media before insertion, making this a deliberate, multi-step insider or supply-chain adjacent threat rather than opportunistic exploitation. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local administrator credentials
Delivery
Pre-stage unauthorized files on removable media
Exploit
Insert removable media into protected endpoint
Execution
Trigger Removable Media Validation bypass
Impact
Unauthorized file transferred to victim device

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold local administrator privileges on the target system running the vulnerable SafePortAgent or StellarProtect version - PR:H as reflected in the CVSS vector. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is moderate-to-low despite the I:H integrity rating. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious insider who holds local administrator credentials on a StellarProtect-protected OT workstation pre-loads an unauthorized executable or configuration file onto a USB drive. Upon inserting the drive, the attacker exploits the Removable Media Validation bypass to transfer the unauthorized file to the protected device without triggering the expected lockdown enforcement. …
Remediation Upgrade SafePortAgent to version 3.2.5024 or later and StellarProtect to version 5.0.1083 or later, per the TXOne Networks PSIRT advisory at https://www.txone.com/psirt/cve-2026-41993/. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-41993 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy