Common Weakness Enumeration

CWE-257

Allowed

Storing Passwords in a Recoverable Format

Abstraction: Base · Status: Incomplete

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

115 vulnerabilities reference this CWE, most recent first.

CVE-2026-30785 (GCVE-0-2026-30785)

Vulnerability from cvelistv5 – Published: 2026-03-05 16:04 – Updated: 2026-03-06 10:32
VLAI
Title
RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XSalsa20-Poly1305)
Summary
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id(). This issue affects RustDesk Client: through 1.4.5.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-257
  • CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
  • CWE-323
  • CWE-916 - Use of Password Hash With Insufficient Computational Effort
Assigner
References
URL Tags
https://github.com/rustdesk/rustdesk/discussions/9229 technical-descriptionx_--config documentation
https://github.com/rustdesk/rustdesk/discussions/4979 technical-descriptionx_--config documentation
https://docs.google.com/document/d/e/2PACX-1vSds6… third-party-advisoryexploit
https://www.vulsec.org/ vdb-entrythird-party-advisory
Impacted products
Vendor Product Version
rustdesk-client RustDesk Client Affected: 0 , ≤ 1.4.5 (custom)
Create a notification for this product.
Date Public
2026-03-05 13:45
Credits
Erez Kalman Erez Kalman
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-30785",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T10:32:18.593322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T10:32:38.348Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/rustdesk/rustdesk/releases",
          "defaultStatus": "affected",
          "modules": [
            "Password security module",
            "config encryption",
            "machine UID"
          ],
          "packageName": "rustdesk, hbb_common",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux"
          ],
          "product": "RustDesk Client",
          "programFiles": [
            "hbb_common/src/password_security.rs",
            "hbb_common/src/config.rs",
            "hbb_common/src/lib.rs (get_uuid)",
            "machine-uid/src/lib.rs"
          ],
          "programRoutines": [
            {
              "name": "symmetric_crypt()"
            },
            {
              "name": "encrypt_str_or_original()"
            },
            {
              "name": "decrypt_str_or_original()"
            },
            {
              "name": "get_uuid()"
            },
            {
              "name": "get_machine_id()"
            }
          ],
          "repo": "https://github.com/rustdesk/hbb_common,https://github.com/rustdesk-org/machine-uid",
          "vendor": "rustdesk-client",
          "versions": [
            {
              "lessThanOrEqual": "1.4.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Default \u2014 any desktop installation with permanent password or saved peers"
            }
          ],
          "value": "Default \u2014 any desktop installation with permanent password or saved peers"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Erez Kalman"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Erez Kalman"
        }
      ],
      "datePublic": "2026-03-05T13:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehbb_common/src/password_security.Rs\u003c/tt\u003e, \u003ctt\u003ehbb_common/src/config.Rs\u003c/tt\u003e, \u003ctt\u003ehbb_common/src/lib.Rs (get_uuid)\u003c/tt\u003e, \u003ctt\u003emachine-uid/src/lib.Rs\u003c/tt\u003e and program routines \u003ctt\u003esymmetric_crypt()\u003c/tt\u003e, \u003ctt\u003eencrypt_str_or_original()\u003c/tt\u003e, \u003ctt\u003edecrypt_str_or_original()\u003c/tt\u003e, \u003ctt\u003eget_uuid()\u003c/tt\u003e, \u003ctt\u003eget_machine_id()\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects RustDesk Client: through 1.4.5.\u003c/p\u003e"
            }
          ],
          "value": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbb_common on Windows, MacOS, Linux (Password security module, config encryption, machine UID modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files hbb_common/src/password_security.Rs, hbb_common/src/config.Rs, hbb_common/src/lib.Rs (get_uuid), machine-uid/src/lib.Rs and program routines symmetric_crypt(), encrypt_str_or_original(), decrypt_str_or_original(), get_uuid(), get_machine_id().\n\nThis issue affects RustDesk Client: through 1.4.5."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "PoC available. Trivially exploitable.\u003cbr\u003e"
            }
          ],
          "value": "PoC available. Trivially exploitable."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-323",
              "description": "CWE-323",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-916",
              "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T17:05:28.602Z",
        "orgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
        "shortName": "VULSec"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "x_--config documentation"
          ],
          "url": "https://github.com/rustdesk/rustdesk/discussions/9229"
        },
        {
          "tags": [
            "technical-description",
            "x_--config documentation"
          ],
          "url": "https://github.com/rustdesk/rustdesk/discussions/4979"
        },
        {
          "tags": [
            "third-party-advisory",
            "exploit"
          ],
          "url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub"
        },
        {
          "tags": [
            "vdb-entry",
            "third-party-advisory"
          ],
          "url": "https://www.vulsec.org/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use one-way hashing (Argon2id) for passwords. Use OS-native credential stores (DPAPI, Keychain, libsecret) for recoverable secrets. Apply proper KDF. Use random nonces."
            }
          ],
          "value": "Use one-way hashing (Argon2id) for passwords. Use OS-native credential stores (DPAPI, Keychain, libsecret) for recoverable secrets. Apply proper KDF. Use random nonces."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XSalsa20-Poly1305)",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Set restrictive file permissions on TOML config files. Avoid saving peer passwords."
            }
          ],
          "value": "Set restrictive file permissions on TOML config files. Avoid saving peer passwords."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
    "assignerShortName": "VULSec",
    "cveId": "CVE-2026-30785",
    "datePublished": "2026-03-05T16:04:36.443Z",
    "dateReserved": "2026-03-05T14:13:35.407Z",
    "dateUpdated": "2026-03-06T10:32:38.348Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22614 (GCVE-0-2026-22614)

Vulnerability from cvelistv5 – Published: 2026-03-10 10:24 – Updated: 2026-03-10 13:49
VLAI
Summary
The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-257 - Storing passwords in a recoverable format
Assigner
Impacted products
Vendor Product Version
Eaton EasySoft Affected: 0 , < 8.4 (custom)
Create a notification for this product.
Date Public
2026-03-10 10:06
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22614",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-10T13:49:20.151718Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-10T13:49:27.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EasySoft",
          "vendor": "Eaton",
          "versions": [
            {
              "lessThan": "8.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2026-03-10T10:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The encryption mechanism used in Eaton\u0027s EasySoft project file was\u0026nbsp;insecure and susceptible to brute force attacks, an attacker with access to this file and the local host\nmachine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre."
            }
          ],
          "value": "The encryption mechanism used in Eaton\u0027s EasySoft project file was\u00a0insecure and susceptible to brute force attacks, an attacker with access to this file and the local host\nmachine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257 Storing passwords in a recoverable format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-10T10:24:35.909Z",
        "orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
        "shortName": "Eaton"
      },
      "references": [
        {
          "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1023.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
    "assignerShortName": "Eaton",
    "cveId": "CVE-2026-22614",
    "datePublished": "2026-03-10T10:24:35.909Z",
    "dateReserved": "2026-01-08T04:55:11.728Z",
    "dateUpdated": "2026-03-10T13:49:27.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22576 (GCVE-0-2026-22576)

Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR PaaS Affected: 7.6.0 , ≤ 7.6.4 (semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*
Create a notification for this product.
Fortinet FortiSOAR on-premise Affected: 7.6.0 , ≤ 7.6.4 (semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22576",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T16:29:52.411885Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T16:46:17.327Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR PaaS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.4",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.2",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR on-premise",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.4",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.2",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-14T15:38:05.576Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-104",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-104"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to upcoming  FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to upcoming  FortiSOAR PaaS version 7.5.3 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2026-22576",
    "datePublished": "2026-04-14T15:38:05.576Z",
    "dateReserved": "2026-01-07T18:30:44.883Z",
    "dateUpdated": "2026-04-14T16:46:17.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22574 (GCVE-0-2026-22574)

Vulnerability from cvelistv5 – Published: 2026-04-14 15:38 – Updated: 2026-04-14 16:46
VLAI
Summary
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiSOAR PaaS Affected: 7.6.0 , ≤ 7.6.4 (semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*
Create a notification for this product.
Fortinet FortiSOAR on-premise Affected: 7.6.0 , ≤ 7.6.4 (semver)
Affected: 7.5.0 , ≤ 7.5.2 (semver)
Affected: 7.4.0 , ≤ 7.4.5 (semver)
Affected: 7.3.0 , ≤ 7.3.3 (semver)
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22574",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T16:35:22.098427Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T16:46:16.794Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR PaaS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.4",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.2",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR on-premise",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.4",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.5.2",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.3.3",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-14T15:38:08.130Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-105"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSOAR on-premise version 7.6.5 or above\nUpgrade to upcoming  FortiSOAR on-premise version 7.5.3 or above\nUpgrade to FortiSOAR PaaS version 7.6.5 or above\nUpgrade to upcoming  FortiSOAR PaaS version 7.5.3 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2026-22574",
    "datePublished": "2026-04-14T15:38:08.130Z",
    "dateReserved": "2026-01-07T18:30:44.883Z",
    "dateUpdated": "2026-04-14T16:46:16.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20128 (GCVE-0-2026-20128)

Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-04-21 03:55
VLAI
Title
Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
Summary
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
SSVC
Exploitation: active Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-257 - Storing Passwords in a Recoverable Format
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Catalyst SD-WAN Manager Affected: 20.1.12
Affected: 19.2.1
Affected: 18.4.4
Affected: 18.4.5
Affected: 20.1.1.1
Affected: 20.1.1
Affected: 19.3.0
Affected: 19.2.2
Affected: 19.2.099
Affected: 18.3.6
Affected: 18.3.7
Affected: 19.2.0
Affected: 18.3.8
Affected: 19.0.0
Affected: 19.1.0
Affected: 18.4.302
Affected: 18.4.303
Affected: 19.2.097
Affected: 19.2.098
Affected: 17.2.10
Affected: 18.3.6.1
Affected: 19.0.1a
Affected: 18.2.0
Affected: 18.4.3
Affected: 18.4.1
Affected: 17.2.8
Affected: 18.3.3.1
Affected: 18.4.0
Affected: 18.3.1
Affected: 17.2.6
Affected: 17.2.9
Affected: 18.3.4
Affected: 17.2.5
Affected: 18.3.1.1
Affected: 18.3.5
Affected: 18.4.0.1
Affected: 18.3.3
Affected: 17.2.7
Affected: 18.3.0
Affected: 19.2.3
Affected: 18.4.501_ES
Affected: 20.3.1
Affected: 20.1.2
Affected: 19.2.929
Affected: 19.2.31
Affected: 20.3.2
Affected: 19.2.32
Affected: 20.3.2.1
Affected: 20.3.2.1_927
Affected: 18.4.6
Affected: 20.3.2_928
Affected: 20.3.2_929
Affected: 20.4.1.0.1
Affected: 20.3.2.1_930
Affected: 19.2.4
Affected: 20.5.0.1.1
Affected: 20.4.1.1
Affected: 20.3.3
Affected: 19.2.4.0.1
Affected: 20.3.2_937
Affected: 20.5.1
Affected: 20.1.3
Affected: 20.3.3.0.4
Affected: 20.3.3.1.2
Affected: 20.3.3.1.1
Affected: 20.4.1.2
Affected: 20.3.3.0.2
Affected: 20.4.1.1.5
Affected: 20.4.1.0.02
Affected: 20.3.3.1.7
Affected: 20.3.3.1.5
Affected: 20.5.1.0.1
Affected: 20.3.3.1.10
Affected: 20.3.3.0.8
Affected: 20.4.2
Affected: 20.3.4
Affected: 20.3.3.0.14
Affected: 19.2.4.0.8
Affected: 19.2.4.0.9
Affected: 20.3.4.0.1
Affected: 20.3.2.0.5
Affected: 20.5.1.0.2
Affected: 20.6.1.1
Affected: 20.6.0.18.3
Affected: 20.3.2.0.6
Affected: 20.6.0.18.4
Affected: 20.4.2.0.2
Affected: 20.3.3.0.16
Affected: 20.6.1.0.1
Affected: 20.3.4.0.6
Affected: 20.7.1EFT2
Affected: 20.3.4.0.9
Affected: 20.3.4.0.11
Affected: 20.3.3.0.18
Affected: 20.6.2.1
Affected: 20.3.4.1
Affected: 20.4.2.1
Affected: 20.4.2.1.1
Affected: 20.3.4.1.1
Affected: 20.3.813
Affected: 20.3.4.0.19
Affected: 20.4.2.2.1
Affected: 20.5.1.2
Affected: 20.3.814
Affected: 20.4.2.2
Affected: 20.6.2.2
Affected: 20.3.4.2.1
Affected: 20.3.4.1.2
Affected: 20.3.4.0.20
Affected: 20.6.2.2.3
Affected: 20.4.2.2.2
Affected: 20.6.2.0.4
Affected: 20.3.4.0.24
Affected: 20.6.2.2.7
Affected: 20.3.4.2.2
Affected: 20.4.2.2.4
Affected: 20.3.5.0.8
Affected: 20.3.5.0.9
Affected: 20.3.5.0.7
Affected: 20.6.3.0.2
Affected: 20.9.1EFT2
Affected: 20.3.6
Affected: 20.3.7
Affected: 20.4.2.3
Affected: 20.3.5.1
Affected: 20.3.4.3
Affected: 20.3.3.2
Affected: 20.3.7.1
Affected: 20.3.4.0.25
Affected: 20.6.2.2.4
Affected: 20.6.1.2
Affected: 20.1.3.1
Affected: 20.6.5.1.4
Affected: 20.3.8
Affected: 20.12.501
Affected: 26.1.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20128",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-25T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-04-20",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-21T03:55:31.648Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-20T00:00:00.000Z",
            "value": "CVE-2026-20128 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Catalyst SD-WAN Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "20.1.12"
            },
            {
              "status": "affected",
              "version": "19.2.1"
            },
            {
              "status": "affected",
              "version": "18.4.4"
            },
            {
              "status": "affected",
              "version": "18.4.5"
            },
            {
              "status": "affected",
              "version": "20.1.1.1"
            },
            {
              "status": "affected",
              "version": "20.1.1"
            },
            {
              "status": "affected",
              "version": "19.3.0"
            },
            {
              "status": "affected",
              "version": "19.2.2"
            },
            {
              "status": "affected",
              "version": "19.2.099"
            },
            {
              "status": "affected",
              "version": "18.3.6"
            },
            {
              "status": "affected",
              "version": "18.3.7"
            },
            {
              "status": "affected",
              "version": "19.2.0"
            },
            {
              "status": "affected",
              "version": "18.3.8"
            },
            {
              "status": "affected",
              "version": "19.0.0"
            },
            {
              "status": "affected",
              "version": "19.1.0"
            },
            {
              "status": "affected",
              "version": "18.4.302"
            },
            {
              "status": "affected",
              "version": "18.4.303"
            },
            {
              "status": "affected",
              "version": "19.2.097"
            },
            {
              "status": "affected",
              "version": "19.2.098"
            },
            {
              "status": "affected",
              "version": "17.2.10"
            },
            {
              "status": "affected",
              "version": "18.3.6.1"
            },
            {
              "status": "affected",
              "version": "19.0.1a"
            },
            {
              "status": "affected",
              "version": "18.2.0"
            },
            {
              "status": "affected",
              "version": "18.4.3"
            },
            {
              "status": "affected",
              "version": "18.4.1"
            },
            {
              "status": "affected",
              "version": "17.2.8"
            },
            {
              "status": "affected",
              "version": "18.3.3.1"
            },
            {
              "status": "affected",
              "version": "18.4.0"
            },
            {
              "status": "affected",
              "version": "18.3.1"
            },
            {
              "status": "affected",
              "version": "17.2.6"
            },
            {
              "status": "affected",
              "version": "17.2.9"
            },
            {
              "status": "affected",
              "version": "18.3.4"
            },
            {
              "status": "affected",
              "version": "17.2.5"
            },
            {
              "status": "affected",
              "version": "18.3.1.1"
            },
            {
              "status": "affected",
              "version": "18.3.5"
            },
            {
              "status": "affected",
              "version": "18.4.0.1"
            },
            {
              "status": "affected",
              "version": "18.3.3"
            },
            {
              "status": "affected",
              "version": "17.2.7"
            },
            {
              "status": "affected",
              "version": "18.3.0"
            },
            {
              "status": "affected",
              "version": "19.2.3"
            },
            {
              "status": "affected",
              "version": "18.4.501_ES"
            },
            {
              "status": "affected",
              "version": "20.3.1"
            },
            {
              "status": "affected",
              "version": "20.1.2"
            },
            {
              "status": "affected",
              "version": "19.2.929"
            },
            {
              "status": "affected",
              "version": "19.2.31"
            },
            {
              "status": "affected",
              "version": "20.3.2"
            },
            {
              "status": "affected",
              "version": "19.2.32"
            },
            {
              "status": "affected",
              "version": "20.3.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.1_927"
            },
            {
              "status": "affected",
              "version": "18.4.6"
            },
            {
              "status": "affected",
              "version": "20.3.2_928"
            },
            {
              "status": "affected",
              "version": "20.3.2_929"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.1_930"
            },
            {
              "status": "affected",
              "version": "19.2.4"
            },
            {
              "status": "affected",
              "version": "20.5.0.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.3"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2_937"
            },
            {
              "status": "affected",
              "version": "20.5.1"
            },
            {
              "status": "affected",
              "version": "20.1.3"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.4.1.1.5"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.02"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.7"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.5"
            },
            {
              "status": "affected",
              "version": "20.5.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.10"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.8"
            },
            {
              "status": "affected",
              "version": "20.4.2"
            },
            {
              "status": "affected",
              "version": "20.3.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.14"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.8"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.9"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.0.5"
            },
            {
              "status": "affected",
              "version": "20.5.1.0.2"
            },
            {
              "status": "affected",
              "version": "20.6.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.0.18.3"
            },
            {
              "status": "affected",
              "version": "20.3.2.0.6"
            },
            {
              "status": "affected",
              "version": "20.6.0.18.4"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.16"
            },
            {
              "status": "affected",
              "version": "20.6.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.6"
            },
            {
              "status": "affected",
              "version": "20.7.1EFT2"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.9"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.11"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.6.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1"
            },
            {
              "status": "affected",
              "version": "20.4.2.1"
            },
            {
              "status": "affected",
              "version": "20.4.2.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.813"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.19"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.814"
            },
            {
              "status": "affected",
              "version": "20.4.2.2"
            },
            {
              "status": "affected",
              "version": "20.6.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.20"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.3"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.2"
            },
            {
              "status": "affected",
              "version": "20.6.2.0.4"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.24"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.7"
            },
            {
              "status": "affected",
              "version": "20.3.4.2.2"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.4"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.8"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.9"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.9.1EFT2"
            },
            {
              "status": "affected",
              "version": "20.3.6"
            },
            {
              "status": "affected",
              "version": "20.3.7"
            },
            {
              "status": "affected",
              "version": "20.4.2.3"
            },
            {
              "status": "affected",
              "version": "20.3.5.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.3"
            },
            {
              "status": "affected",
              "version": "20.3.3.2"
            },
            {
              "status": "affected",
              "version": "20.3.7.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.25"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.4"
            },
            {
              "status": "affected",
              "version": "20.6.1.2"
            },
            {
              "status": "affected",
              "version": "20.1.3.1"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.4"
            },
            {
              "status": "affected",
              "version": "20.3.8"
            },
            {
              "status": "affected",
              "version": "20.12.501"
            },
            {
              "status": "affected",
              "version": "26.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.\r\n\r\nThis vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.\r\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133, CVE-2026-20126, and CVE-2026-20129.\r\n\r\nIn March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T21:47:33.415Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sdwan-authbp-qwCX8D4v",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
        "defects": [
          "CSCws33585"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20128",
    "datePublished": "2026-02-25T16:14:12.353Z",
    "dateReserved": "2025-10-08T11:59:15.379Z",
    "dateUpdated": "2026-04-21T03:55:31.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1836 (GCVE-0-2026-1836)

Vulnerability from cvelistv5 – Published: 2026-06-12 13:23 – Updated: 2026-06-12 14:00
VLAI
Title
Stored credentials in Redmine
Summary
The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-257 - Storing passwords in a recoverable format
Assigner
References
Impacted products
Vendor Product Version
Redmine Redmine Affected: 0 , < 6.0.7 (custom)
Affected: 0 , < 5.1.10 (custom)
Affected: 0 , < 5.0.14 (custom)
Unaffected: 6.0.7
Unaffected: 5.1.10
Unaffected: 5.0.14
Create a notification for this product.
Date Public
2026-03-31 10:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1836",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T14:00:02.963086Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T14:00:11.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Redmine",
          "vendor": "Redmine",
          "versions": [
            {
              "lessThan": "6.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.0.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "6.0.7"
            },
            {
              "status": "unaffected",
              "version": "5.1.10"
            },
            {
              "status": "unaffected",
              "version": "5.0.14"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.7",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.1.10",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:redmine:redmine:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.0.14",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:redmine:redmine:6.0.7:*:*:*:*:*:*:*",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:redmine:redmine:5.1.10:*:*:*:*:*:*:*",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:redmine:redmine:5.0.14:*:*:*:*:*:*:*",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "datePublic": "2026-03-31T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials."
            }
          ],
          "value": "The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257 Storing passwords in a recoverable format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T13:23:31.810Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/stored-credentials-redmine"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability has been fixed by Redmine team in versions 6.0.7, 5.1.10 and 5.0.14."
            }
          ],
          "value": "The vulnerability has been fixed by Redmine team in versions 6.0.7, 5.1.10 and 5.0.14."
        }
      ],
      "source": {
        "defect": [
          "David Rubio Lora"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Stored credentials in Redmine",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2026-1836",
    "datePublished": "2026-06-12T13:23:31.810Z",
    "dateReserved": "2026-02-03T15:43:30.850Z",
    "dateUpdated": "2026-06-12T14:00:11.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58049 (GCVE-0-2025-58049)

Vulnerability from cvelistv5 – Published: 2025-08-28 17:43 – Updated: 2025-08-28 18:15
VLAI
Title
XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn't store passwords in plain text, and it shouldn't be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched in XWiki 16.4.8, 16.10.7, and 17.4.0-rc-1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
  • CWE-257 - Storing Passwords in a Recoverable Format
Assigner
Impacted products
Vendor Product Version
xwiki xwiki-platform Affected: >= 14.4.2, < 16.4.8
Affected: >= 16.5.0-rc-1, < 16.10.7
Affected: >= 17.0.0-rc-1, < 17.4.0-rc-1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58049",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-28T18:15:42.371947Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-28T18:15:47.326Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 14.4.2, \u003c 16.4.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.5.0-rc-1, \u003c 16.10.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 17.0.0-rc-1, \u003c 17.4.0-rc-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn\u0027t store passwords in plain text, and it shouldn\u0027t be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched in XWiki 16.4.8, 16.10.7, and 17.4.0-rc-1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257: Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T17:43:39.779Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9m7c-m33f-3429",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9m7c-m33f-3429"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/commit/60982ad0057b1701ed8297f28cad35d170686539",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/60982ad0057b1701ed8297f28cad35d170686539"
        },
        {
          "name": "https://jira.xwiki.org/browse/XWIKI-23151",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-23151"
        }
      ],
      "source": {
        "advisory": "GHSA-9m7c-m33f-3429",
        "discovery": "UNKNOWN"
      },
      "title": "XWiki PDF export jobs store sensitive cookies unencrypted in job statuses"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-58049",
    "datePublished": "2025-08-28T17:43:39.779Z",
    "dateReserved": "2025-08-22T14:30:32.221Z",
    "dateUpdated": "2025-08-28T18:15:47.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-57796 (GCVE-0-2025-57796)

Vulnerability from cvelistv5 – Published: 2026-01-28 17:47 – Updated: 2026-01-28 18:11
VLAI
Title
Use of a hardcoded static key to protect sensitive data in Explorance Blue
Summary
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-257 - Storing Passwords in a Recoverable Format
Assigner
Impacted products
Vendor Product Version
Explorance Blue Affected: 0 , < 8.14.12 (custom)
Create a notification for this product.
Credits
Abdulrahman Nour, Mandiant Abdulrahman Nour, Mandiant
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-57796",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-28T18:10:56.263409Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-28T18:11:13.946Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Blue",
          "vendor": "Explorance",
          "versions": [
            {
              "lessThan": "8.14.12",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Abdulrahman Nour, Mandiant"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Abdulrahman Nour, Mandiant"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained."
            }
          ],
          "value": "Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-50",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-50 Password Recovery Exploitation"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257:Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T17:49:50.244Z",
        "orgId": "027e81ed-0dd4-4685-ab4d-884aec5bb484",
        "shortName": "Mandiant"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://www.explorance.com/products/blue"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://online-help.explorance.com/blue/articles/security-advisories-(january-2026)"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57796"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0005.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Use of a hardcoded static key to protect sensitive data in Explorance Blue",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "027e81ed-0dd4-4685-ab4d-884aec5bb484",
    "assignerShortName": "Mandiant",
    "cveId": "CVE-2025-57796",
    "datePublished": "2026-01-28T17:47:56.607Z",
    "dateReserved": "2025-08-19T19:08:41.742Z",
    "dateUpdated": "2026-01-28T18:11:13.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-57789 (GCVE-0-2025-57789)

Vulnerability from cvelistv5 – Published: 2025-08-20 03:22 – Updated: 2026-02-26 17:48
VLAI
Title
Vulnerability in Initial Administrator Login Process
Summary
During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-257 - Storing Passwords in a Recoverable Format
Assigner
Impacted products
Vendor Product Version
Commvault CommCell Affected: 11.32.0 , ≤ 11.32.101 (semver)
Affected: 11.36.0 , ≤ 11.36.59 (semver)
Create a notification for this product.
Credits
Sonny and Piotr Bazydlo (@chudyPB) of watchTowr
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57789",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-21T03:55:09.971466Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:48:25.835Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CommCell",
          "vendor": "Commvault",
          "versions": [
            {
              "lessThanOrEqual": "11.32.101",
              "status": "affected",
              "version": "11.32.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.36.59",
              "status": "affected",
              "version": "11.36.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sonny and Piotr Bazydlo (@chudyPB) of watchTowr"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257: Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-10T15:54:49.968Z",
        "orgId": "050066fd-a2f9-4f32-ab5d-4c53f48bc333",
        "shortName": "Commvault"
      },
      "references": [
        {
          "url": "https://documentation.commvault.com/securityadvisories/CV_2025_08_4.html"
        }
      ],
      "title": "Vulnerability in Initial Administrator Login Process"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-57789",
    "datePublished": "2025-08-20T03:22:08.764Z",
    "dateReserved": "2025-08-19T18:25:57.338Z",
    "dateUpdated": "2026-02-26T17:48:25.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-44958 (GCVE-0-2025-44958)

Vulnerability from cvelistv5 – Published: 2025-08-04 00:00 – Updated: 2025-11-03 20:04
VLAI
Summary
RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-257 - Storing Passwords in a Recoverable Format
Assigner
Impacted products
Vendor Product Version
RUCKUS Network Director Affected: 0 , < 4.5 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-44958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-05T17:42:15.882953Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-05T17:42:21.990Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:04:15.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/613753"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Network Director",
          "vendor": "RUCKUS",
          "versions": [
            {
              "lessThan": "4.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-257",
              "description": "CWE-257 Storing Passwords in a Recoverable Format",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-04T16:30:06.719Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://kb.cert.org/vuls/id/613753"
        },
        {
          "url": "https://webresources.commscope.com/download/assets/FAQ+Security+Advisory%3A+ID+20250710/225f44ac3bd311f095821adcaa92e24e"
        },
        {
          "url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44958"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-44958",
    "datePublished": "2025-08-04T00:00:00.000Z",
    "dateReserved": "2025-04-22T00:00:00.000Z",
    "dateUpdated": "2025-11-03T20:04:15.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

Use strong, non-reversible encryption to protect stored passwords.

CAPEC-49: Password Brute Forcing

An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password.