Home

Description

Incorrect access control in the /api/License/deactivateOffline endpoint of CAXPerts UniversalPlantViewer WebServices Server v2.7.6 allows authenticated attackers with low-level privileges to cause a Denial of Service (DoS) via removing the license from the webserver.

PUBLISHED Reserved 2026-04-06 | Published 2026-07-14 | Updated 2026-07-14 | Assigner mitre

References

caxperts.com

universalplantviewer.com

medium.com/.../hello-world-first-post-first-cve-6671b82e2b71

cve.org (CVE-2026-36035)

nvd.nist.gov (CVE-2026-36035)

Download JSON