Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local access and administrator privileges required to interact with removable media validation; no confidentiality or availability impact from unauthorized file write.
Primary rating from Vendor (TXOne).
CVSS VectorVendor: TXOne
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy unauthorized file on the removable media in advance. This issue affects SafePortAgent: before 3.2.5024; StellarProtect: from 3.2.4011 before 5.0.1083.
AnalysisAI
Improper Access Control in TXOne Networks' Removable Media Validation function allows a local administrator to bypass the file lockdown mechanism enforced by SafePortAgent (before 3.2.5024) and StellarProtect (3.2.4011 through before 5.0.1083), enabling unauthorized file transfer to a protected device via specially prepared removable media. The attack requires pre-positioning unauthorized files on the removable media before insertion, making this a deliberate, multi-step insider or supply-chain adjacent threat rather than opportunistic exploitation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold local administrator privileges on the target system running the vulnerable SafePortAgent or StellarProtect version - PR:H as reflected in the CVSS vector. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is moderate-to-low despite the I:H integrity rating. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious insider who holds local administrator credentials on a StellarProtect-protected OT workstation pre-loads an unauthorized executable or configuration file onto a USB drive. Upon inserting the drive, the attacker exploits the Removable Media Validation bypass to transfer the unauthorized file to the protected device without triggering the expected lockdown enforcement. … |
| Remediation | Upgrade SafePortAgent to version 3.2.5024 or later and StellarProtect to version 5.0.1083 or later, per the TXOne Networks PSIRT advisory at https://www.txone.com/psirt/cve-2026-41993/. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45138
GHSA-29w9-32wg-pfh2