Skip to main content

LimRAD NAC CVE-2026-6371

| EUVDEUVD-2026-42222 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-08 TR-CERT GHSA-8hxc-h3cp-54g8
4.8
CVSS 3.1 · Vendor: TR-CERT
Share

Severity by source

Vendor (TR-CERT) PRIMARY
4.8 MEDIUM
AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
4.8 MEDIUM

Adjacent vector reflects internal NAC deployment; low privileges required to inject stored content; scope change inherent to XSS executing in victim browser context.

3.1 AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (TR-CERT).

CVSS VectorVendor: TR-CERT

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 08, 2026 - 12:43 vuln.today

DescriptionCVE.org

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Limatek System Inc. LimRAD NAC allows Stored XSS.

This issue affects LimRAD NAC: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stored cross-site scripting in Limatek System Inc.'s LimRAD NAC through version 08072026 allows an adjacent-network, low-privileged attacker to inject persistent malicious scripts that execute in victims' browsers when affected pages are loaded. The CVSS scope change (S:C) confirms that injected script execution crosses into the victim's browser security context, enabling potential session hijacking or credential theft targeting higher-privileged users such as administrators. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege credentials for LimRAD NAC
Delivery
Inject stored XSS payload into persistent application field
Exploit
Privileged user loads affected management page
Execution
Malicious script executes in admin browser context
Impact
Exfiltrate session token or perform unauthorized NAC actions

Vulnerability AssessmentAI

Exploitation Exploitation requires three concurrent conditions: first, the attacker must be on the same adjacent network segment or VLAN as the LimRAD NAC management interface (AV:A), ruling out direct internet-based exploitation; second, the attacker must possess at least low-level authenticated access to the NAC system (PR:L), meaning unauthenticated exploitation is not supported by the available CVSS data; third, a victim user must actively load the web page containing the injected payload (UI:R), preventing fully automated or non-interactive exploitation. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 4.8 (Medium) accurately captures a constrained but real attack surface. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege credentials on the same internal network segment as the LimRAD NAC management interface submits a crafted payload into a stored input field - such as a device label, comment, or profile attribute - causing the script to persist in the application database. When a network administrator subsequently loads the affected management page, the stored script executes silently in their browser, potentially exfiltrating the admin's session token to an attacker-controlled endpoint or performing privileged actions within the NAC management console. …
Remediation No vendor-released patch has been identified at time of analysis; the vendor did not respond to TR-CERT's disclosure, leaving no official fix or upgrade path available. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-6371 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy