Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Authenticated tenant user (PR:L) exploits an IDOR over the network (AV:N/AC:L/UI:N) to alter cross-tenant resources, giving integrity impact only (I:H, C:N/A:N), no scope change.
Primary rating from Vendor (icscert).
CVSS VectorVendor: icscert
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product.
AnalysisAI
Privilege escalation in SALTO ProAccess Space access-control software allows an authenticated tenant user to break out of their assigned logical partition and reach any space managed by the platform. The flaw exists specifically when the multi-tenancy / logical partition feature is in use, letting a low-privileged authorized user manipulate an object reference to act on resources belonging to other tenants. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the ProAccess Space deployment to be running with the tenancy feature / logical partition enabled - that specific configuration IS the precondition; single-tenant installations without logical partitioning are not in scope. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 4.0 vector (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N, base 7.1 / High) indicates network-reachable, low-complexity exploitation requiring low privileges and no user interaction, with high integrity impact but no confidentiality or availability impact - meaning an attacker can alter/control resources across tenants rather than merely read data or crash the service. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who holds or obtains a legitimate low-privileged operator account for one tenant in a shared ProAccess Space deployment sends crafted requests that reference a partition or space identifier belonging to a different tenant. Because the server trusts the supplied object reference (CWE-639), the request is honored, letting the attacker view or modify access-control configuration for spaces they should not manage. … |
| Remediation | No vendor-released patch version is identified at time of analysis in the provided data; consult the CISA ICS advisory (https://www.cisa.gov/news-events/ics-advisories/icsa-26-197-07) and its CSAF file (https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-197-07.json) for the fixed release and vendor guidance, then upgrade ProAccess Space to that version once published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, audit all SALTO ProAccess Space deployments to identify systems with multi-tenancy enabled and document current tenant configurations, assigned user privileges, and logical partition assignments. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Proaccess Space
View allAn issue was discovered in SALTO ProAccess SPACE 5.4.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remo
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature. Rated high severity (CVSS 8.6), thi
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. Rated medium severity (CVSS 5.5), this vulnerability is low at
SALTO ProAccess SPACE 5.4.3.0 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable,
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45039
GHSA-4g4j-8g2w-gqh9