Skip to main content

Biostar 2 Server

1 CVEs product

Monthly

CVE-2026-9509 HIGH PATCH This Week

Unauthenticated denial of service in Suprema BioStar 2 Server versions 2.9.8, 2.9.10, and 2.9.11 allows remote attackers to halt critical processes by sending HTTP POST requests to the '/api/migration' endpoint, taking access control readers offline until manual service or server restart. No public exploit identified at time of analysis, though SSVC flags the attack as automatable with partial technical impact. Because BioStar 2 governs physical access control, the outage cascades to door readers and downstream third-party integrations, elevating real-world impact beyond a typical web-app DoS.

Denial Of Service Biostar 2 Server
NVD
CVSS 4.0
8.7
EPSS
0.1%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Unauthenticated denial of service in Suprema BioStar 2 Server versions 2.9.8, 2.9.10, and 2.9.11 allows remote attackers to halt critical processes by sending HTTP POST requests to the '/api/migration' endpoint, taking access control readers offline until manual service or server restart. No public exploit identified at time of analysis, though SSVC flags the attack as automatable with partial technical impact. Because BioStar 2 governs physical access control, the outage cascades to door readers and downstream third-party integrations, elevating real-world impact beyond a typical web-app DoS.

Denial Of Service Biostar 2 Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy