CVE-2026-5434 | THREATINT

Description

Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data.

PUBLISHED Reserved 2026-04-02 | Published 2026-05-21 | Updated 2026-05-21 | Assigner Honeywell

MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory

Product status

Default status

unaffected

100.1 (cpe)

affected

Credits

Andreas Krämer, BASF Digital Solutions GmbH finder

Martin Floeck, BASF Digital Solutions GmbH finder

Stefan Stahl, BASF Digital Solutions GmbH finder

References

process.honeywell.com/ patch

cve.org (CVE-2026-5434)

nvd.nist.gov (CVE-2026-5434)

Download JSON