
Description

On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in the Ercom Cryptobox administration console allow an authenticated entity administrator with knowledge to elevate his account to global administrator.

PUBLISHED Reserved 2026-01-13 | Published 2026-02-04 | Updated 2026-02-04 | Assigner THA-PSIRT




MEDIUM: 4.8 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

CWE-1220: Insufficient Granularity of Access Control

Product status

Default status: affected

v4.40.x: unaffected

References

info.cryptobox.com/doc/v4.40/4.40.en/

cve.org (CVE-2026-0873)

nvd.nist.gov (CVE-2026-0873)
