CVE-2026-26049 | THREATINT

Description

The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form caching.

PUBLISHED Reserved 2026-02-10 | Published 2026-02-20 | Updated 2026-02-20 | Assigner icscert

MEDIUM: 5.7CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Problem types

CWE-522

Product status

Default status

unaffected

Any version

affected

Credits

Abhishek Pandey of Payatu Security Consulting reported this to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-050-03

github.com/...p/csaf_files/OT/white/2026/icsa-26-050-03.json

cve.org (CVE-2026-26049)

nvd.nist.gov (CVE-2026-26049)

Download JSON