Skip to main content

Osos

1 CVEs product

Monthly

CVE-2026-1365 MEDIUM This Month

Sensitive authentication data is inserted into network-transmitted responses in OSOS, the energy management platform by Sayax Energy Technologies Inc., enabling authenticated low-privilege users to extract credentials or session tokens and bypass authentication controls. All versions through build 09072026 are affected with no vendor patch available - TR-CERT disclosed this vulnerability but received no response from the vendor. No public exploit code has been identified at time of analysis, though the network-accessible attack vector with low complexity raises practical risk in industrial energy environments where even low-privilege account access is common.

Authentication Bypass Osos
NVD
CVSS 3.1
6.5
EPSS
0.4%
EPSS 0% CVSS 6.5
MEDIUM This Month

Sensitive authentication data is inserted into network-transmitted responses in OSOS, the energy management platform by Sayax Energy Technologies Inc., enabling authenticated low-privilege users to extract credentials or session tokens and bypass authentication controls. All versions through build 09072026 are affected with no vendor patch available - TR-CERT disclosed this vulnerability but received no response from the vendor. No public exploit code has been identified at time of analysis, though the network-accessible attack vector with low complexity raises practical risk in industrial energy environments where even low-privilege account access is common.

Authentication Bypass Osos
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy