CVE-2026-23800 | THREATINT

Description

Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0.

PUBLISHED Reserved 2026-01-16 | Published 2026-01-16 | Updated 2026-01-16 | Assigner Patchstack

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-266 Incorrect Privilege Assignment

Product status

Default status

unaffected

2.5.2 (custom) before 2.6.0

affected

Timeline

2026-01-16:	A vulnerability was identified through log analysis, indicating signs of active exploitation.
2026-01-16:	Patchstack released a RapidMitigate virtual patch.
2026-01-16:	The vendor provided a patch to the Patchstack Threat Intelligence team for validation.
2026-01-16:	The vendor officially released the patch (version 2.6.0).

Credits

Pikachu | Patchstack finder

References

patchstack.com/...ivilege-escalation-vulnerability?_s_id=cve vdb-entry

cve.org (CVE-2026-23800)

nvd.nist.gov (CVE-2026-23800)

Download JSON