CWE-923
Allowed-with-ReviewImproper Restriction of Communication Channel to Intended Endpoints
Abstraction: Class · Status: Incomplete
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
112 vulnerabilities reference this CWE, most recent first.
CVE-2026-59841 (GCVE-0-2026-59841)
Vulnerability from cvelistv5 – Published: 2026-07-14 15:15 – Updated: 2026-07-15 03:59- CWE-923 - Escalation of privilege
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiSIEMWindowsAgent |
Affected:
7.4.0 , ≤ 7.4.1
(semver)
cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T03:59:10.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisiemwindowsagent:7.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSIEMWindowsAgent",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper restriction of communication channel to intended endpoints vulnerability in Fortinet FortiSIEMWindowsAgent 7.4.0 through 7.4.1 may allow attacker to escalation of privilege via \u003cinsert attack vector here\u003e"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T15:15:08.048Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-155",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-155"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiSIEMWindowsAgent version 7.4.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2026-59841",
"datePublished": "2026-07-14T15:15:08.048Z",
"dateReserved": "2026-07-07T15:21:38.323Z",
"dateUpdated": "2026-07-15T03:59:10.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-57028 (GCVE-0-2026-57028)
Vulnerability from cvelistv5 – Published: 2026-07-09 21:08 – Updated: 2026-07-10 14:37- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA110088 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 23.2R2-EVO
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T14:37:11.630273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T14:37:21.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eDue to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management.\u003c/p\u003e\u003cp\u003eThis issue affects all Junos OS Evolved versions before 23.2R2-EVO.\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion.\n\n\nDue to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management.\n\nThis issue affects all Junos OS Evolved versions before 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T21:08:25.702Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA110088"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA110088",
"defect": [
"1729581"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease ensure that your control plane protection only explicitly permits access to ports intended to be reachable and only from authorized endpoints. All other traffic destined to the control plane should be disallowed.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n\n\nPlease ensure that your control plane protection only explicitly permits access to ports intended to be reachable and only from authorized endpoints. All other traffic destined to the control plane should be disallowed."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-57028",
"datePublished": "2026-07-09T21:08:25.702Z",
"dateReserved": "2026-06-23T16:27:00.248Z",
"dateUpdated": "2026-07-10T14:37:21.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55655 (GCVE-0-2026-55655)
Vulnerability from cvelistv5 – Published: 2026-06-23 03:36 – Updated: 2026-07-08 13:59- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:36759 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-55655 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2462250 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Hardened Images |
Unaffected:
10.3p1-6.hum1 , < *
(rpm)
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T12:21:42.502865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T12:21:47.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"packageName": "openssh-main",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "10.3p1-6.hum1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unknown",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-22T23:22:11.127Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T13:59:46.603Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:36759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36759"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-55655"
},
{
"name": "RHBZ#2462250",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2462250"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-26T18:39:13.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-22T23:22:11.127Z",
"value": "Made public."
}
],
"title": "Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, disable X11 forwarding on OpenSSH clients when it is not required. This can be achieved by avoiding the use of `-X` or `-Y` options when invoking `ssh`, or by setting `ForwardX11 no` in the SSH client configuration file (`~/.ssh/config` or `/etc/ssh/ssh_config`). Disabling X11 forwarding will prevent the client from attempting to establish X11 connections, thereby removing the attack vector."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-55655",
"datePublished": "2026-06-23T03:36:25.724Z",
"dateReserved": "2026-06-16T23:55:05.737Z",
"dateUpdated": "2026-07-08T13:59:46.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34205 (GCVE-0-2026-34205)
Vulnerability from cvelistv5 – Published: 2026-03-27 19:41 – Updated: 2026-04-01 03:55- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
| URL | Tags |
|---|---|
| https://github.com/home-assistant/core/security/a… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| home-assistant | Home Assistant Operating System |
Affected:
<= 17.1
|
|
| home-assistant | Home Assistant Supervisor |
Affected:
< 2026.03.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34205",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T03:55:28.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Home Assistant Operating System",
"vendor": "home-assistant",
"versions": [
{
"status": "affected",
"version": "\u003c= 17.1"
}
]
},
{
"product": "Home Assistant Supervisor",
"vendor": "home-assistant",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.03.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Home Assistant is open source home automation software that puts local control and privacy first. Home Assistant apps (formerly add-ons) configured with host network mode expose unauthenticated endpoints bound to the internal Docker bridge interface to the local network. On Linux, this configuration does not restrict access to the app as intended, allowing any device on the same network to reach these endpoints without authentication. Home Assistant Supervisor 2026.03.02 addresses the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.7,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:41:10.707Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/home-assistant/core/security/advisories/GHSA-gh5m-4m97-c95h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/home-assistant/core/security/advisories/GHSA-gh5m-4m97-c95h"
}
],
"source": {
"advisory": "GHSA-gh5m-4m97-c95h",
"discovery": "UNKNOWN"
},
"title": "Home Assistant: Unauthenticated App (Add-on) Endpoints Exposed to Local Network via Host Network Mode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34205",
"datePublished": "2026-03-27T19:41:10.707Z",
"dateReserved": "2026-03-26T15:57:52.323Z",
"dateUpdated": "2026-04-01T03:55:28.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33803 (GCVE-0-2026-33803)
Vulnerability from cvelistv5 – Published: 2026-07-09 21:04 – Updated: 2026-07-10 13:30- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA110078 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 23.2R2-S7-EVO
(custom)
Affected: 23.4 , < 23.4R2-S8-EVO (custom) Affected: 24.2 , < 24.2R2-S5-EVO (custom) Affected: 24.4 , < 24.4R2-S4-EVO (custom) Affected: 25.2 , < 25.2R2-S1-EVO (custom) Affected: 25.4 , < 25.4R1-S2-EVO (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T13:30:15.593698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T13:30:26.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "23.4R2-S8-EVO",
"status": "affected",
"version": "23.4",
"versionType": "custom"
},
{
"lessThan": "24.2R2-S5-EVO",
"status": "affected",
"version": "24.2",
"versionType": "custom"
},
{
"lessThan": "24.4R2-S4-EVO",
"status": "affected",
"version": "24.4",
"versionType": "custom"
},
{
"lessThan": "25.2R2-S1-EVO",
"status": "affected",
"version": "25.2",
"versionType": "custom"
},
{
"lessThan": "25.4R1-S2-EVO",
"status": "affected",
"version": "25.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eDue to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port. This leads to a device being inadvertently exposed and increased CPU cycles spent processing ingress packets.\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S5-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4-EVO,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2-S1-EVO,\u003c/li\u003e\u003cli\u003e25.4 versions before 25.4R1-S2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device.\n\n\nDue to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port. This leads to a device being inadvertently exposed and increased CPU cycles spent processing ingress packets.\n\nThis issue affects Junos OS Evolved:\n\n\n * all versions before 23.2R2-S7-EVO,\n * 23.4 versions before 23.4R2-S8-EVO,\n * 24.2 versions before 24.2R2-S5-EVO,\n * 24.4 versions before 24.4R2-S4-EVO,\n * 25.2 versions before 25.2R2-S1-EVO,\n * 25.4 versions before 25.4R1-S2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T21:04:14.997Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA110078"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R2-S5-EVO, 24.4R2-S4-EVO, 25.2R2-S1-EVO, 25.4R1-S2-EVO, 25.4R2-EVO, 26.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R2-S5-EVO, 24.4R2-S4-EVO, 25.2R2-S1-EVO, 25.4R1-S2-EVO, 25.4R2-EVO, 26.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA110078",
"defect": [
"1909908"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003ePlease ensure that your control plane protection only explicitly permits access to ports intended to be reachable and only from authorized endpoints. All other traffic destined to the control plane should be disallowed."
}
],
"value": "There are no known workarounds for this issue.\n\nPlease ensure that your control plane protection only explicitly permits access to ports intended to be reachable and only from authorized endpoints. All other traffic destined to the control plane should be disallowed."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-33803",
"datePublished": "2026-07-09T21:04:14.997Z",
"dateReserved": "2026-03-23T19:46:13.674Z",
"dateUpdated": "2026-07-10T13:30:26.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32318 (GCVE-0-2026-32318)
Vulnerability from cvelistv5 – Published: 2026-03-20 18:27 – Updated: 2026-03-20 19:20| URL | Tags |
|---|---|
| https://github.com/cryptomator/ios/security/advis… | x_refsource_CONFIRM |
| https://github.com/cryptomator/ios/pull/444 | x_refsource_MISC |
| https://github.com/cryptomator/ios/commit/98c3128… | x_refsource_MISC |
| https://github.com/cryptomator/ios/releases/tag/2.8.3 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| cryptomator | ios |
Affected:
< 2.8.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T19:20:21.249870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T19:20:49.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ios",
"vendor": "cryptomator",
"versions": [
{
"status": "affected",
"version": "\u003c 2.8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 2.8.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T18:27:22.410Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cryptomator/ios/security/advisories/GHSA-g7fr-c82r-hm6j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cryptomator/ios/security/advisories/GHSA-g7fr-c82r-hm6j"
},
{
"name": "https://github.com/cryptomator/ios/pull/444",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/ios/pull/444"
},
{
"name": "https://github.com/cryptomator/ios/commit/98c31280304af65c0932eb547d5fe4be2d16929c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/ios/commit/98c31280304af65c0932eb547d5fe4be2d16929c"
},
{
"name": "https://github.com/cryptomator/ios/releases/tag/2.8.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/ios/releases/tag/2.8.3"
}
],
"source": {
"advisory": "GHSA-g7fr-c82r-hm6j",
"discovery": "UNKNOWN"
},
"title": "Cryptomator for IOS: Tampered vault configuration allows MITM attack on Hub API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32318",
"datePublished": "2026-03-20T18:27:22.410Z",
"dateReserved": "2026-03-11T21:16:21.660Z",
"dateUpdated": "2026-03-20T19:20:49.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32317 (GCVE-0-2026-32317)
Vulnerability from cvelistv5 – Published: 2026-03-20 18:29 – Updated: 2026-03-20 18:55| URL | Tags |
|---|---|
| https://github.com/cryptomator/android/security/a… | x_refsource_CONFIRM |
| https://github.com/cryptomator/android/releases/t… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| cryptomator | android |
Affected:
< 1.12.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T18:55:10.511313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T18:55:21.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "android",
"vendor": "cryptomator",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.12.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T18:29:01.127Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cryptomator/android/security/advisories/GHSA-876q-q3mm-fcvj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cryptomator/android/security/advisories/GHSA-876q-q3mm-fcvj"
},
{
"name": "https://github.com/cryptomator/android/releases/tag/1.12.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/android/releases/tag/1.12.3"
}
],
"source": {
"advisory": "GHSA-876q-q3mm-fcvj",
"discovery": "UNKNOWN"
},
"title": "Cryptomator for Android: Tampered vault configuration allows MITM attack on Hub API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32317",
"datePublished": "2026-03-20T18:29:01.127Z",
"dateReserved": "2026-03-11T21:16:21.660Z",
"dateUpdated": "2026-03-20T18:55:21.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32303 (GCVE-0-2026-32303)
Vulnerability from cvelistv5 – Published: 2026-03-20 17:57 – Updated: 2026-03-23 21:41| URL | Tags |
|---|---|
| https://github.com/cryptomator/cryptomator/securi… | x_refsource_CONFIRM |
| https://github.com/cryptomator/cryptomator/pull/4179 | x_refsource_MISC |
| https://github.com/cryptomator/cryptomator/commit… | x_refsource_MISC |
| https://github.com/cryptomator/cryptomator/releas… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| cryptomator | cryptomator |
Affected:
< 1.19.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T20:52:44.437617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T21:41:57.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cryptomator",
"vendor": "cryptomator",
"versions": [
{
"status": "affected",
"version": "\u003c 1.19.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Before this fix, the client trusted endpoints from the vault config without host authenticity checks, which could allow token exfiltration by mixing a legitimate auth endpoint with a malicious API endpoint. Impacted are users unlocking Hub-backed vaults with affected client versions in environments where an attacker can alter the vault.cryptomator file. This issue has been patched in version 1.19.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T17:57:31.884Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-34rf-rwr3-7g43",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-34rf-rwr3-7g43"
},
{
"name": "https://github.com/cryptomator/cryptomator/pull/4179",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/pull/4179"
},
{
"name": "https://github.com/cryptomator/cryptomator/commit/6b82abcd80449a30b561d823193f9ecea542a625",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/commit/6b82abcd80449a30b561d823193f9ecea542a625"
},
{
"name": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.1"
}
],
"source": {
"advisory": "GHSA-34rf-rwr3-7g43",
"discovery": "UNKNOWN"
},
"title": "Cryptomator: Tampered vault configuration allows MITM attack on Hub API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32303",
"datePublished": "2026-03-20T17:57:31.884Z",
"dateReserved": "2026-03-11T21:16:21.659Z",
"dateUpdated": "2026-03-23T21:41:57.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23664 (GCVE-0-2026-23664)
Vulnerability from cvelistv5 – Published: 2026-03-10 17:04 – Updated: 2026-06-19 18:17- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure IoT Explorer |
Affected:
1.0.0 , < 0.15.13
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T14:46:18.235377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T14:46:41.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Azure IoT Explorer",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "0.15.13",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_iot_explorer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.15.13",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-10T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T18:17:21.502Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure IoT Explorer Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23664"
}
],
"title": "Azure IoT Explorer Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-23664",
"datePublished": "2026-03-10T17:04:34.104Z",
"dateReserved": "2026-01-14T16:59:33.463Z",
"dateUpdated": "2026-06-19T18:17:21.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22726 (GCVE-0-2026-22726)
Vulnerability from cvelistv5 – Published: 2026-04-30 23:17 – Updated: 2026-05-01 14:19- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
| Vendor | Product | Version | |
|---|---|---|---|
| CloudFoundry Foundation | Routing release |
Affected:
v0.118.0 , < v0.372.0
(custom)
|
|
| CloudFoundry Foundation | CF Deployment |
Affected:
v0.0.2 , < v55.0.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T14:19:03.488133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T14:19:13.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Routing release",
"vendor": "CloudFoundry Foundation",
"versions": [
{
"lessThan": "v0.372.0",
"status": "affected",
"version": "v0.118.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CF Deployment",
"vendor": "CloudFoundry Foundation",
"versions": [
{
"lessThan": "v55.0.0",
"status": "affected",
"version": "v0.0.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Route Services can be leveraged to send app traffic to network destinations outside of an app\u0027s configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had direct access from outside networks, or from the application.\nRouting release: affected from v0.118.0 through v0.371.0 (inclusive); upgrade to v0.372.0 or greater. CF Deployment: affected from v0.0.2 through v54.14.0 (inclusive); upgrade to v55.0.0 or greater (includes routing_release v0.372.0)."
}
],
"value": "Route Services can be leveraged to send app traffic to network destinations outside of an app\u0027s configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had direct access from outside networks, or from the application.\nRouting release: affected from v0.118.0 through v0.371.0 (inclusive); upgrade to v0.372.0 or greater. CF Deployment: affected from v0.0.2 through v54.14.0 (inclusive); upgrade to v55.0.0 or greater (includes routing_release v0.372.0)."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "A privileged user can bypass application egress policy via route services; per CVSS v3.1 base, confidentiality and integrity are None and availability is Low."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T23:26:19.891Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.cloudfoundry.org/blog/cve-2026-22726-route-services-firewall-bypass/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Route Services Firewall Bypass",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-22726",
"datePublished": "2026-04-30T23:17:00.707Z",
"dateReserved": "2026-01-09T06:54:41.497Z",
"dateUpdated": "2026-05-01T14:19:13.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-161: Infrastructure Manipulation
An attacker exploits characteristics of the infrastructure of a network entity in order to perpetrate attacks or information gathering on network objects or effect a change in the ordinary information flow between network objects. Most often, this involves manipulation of the routing of network messages so, instead of arriving at their proper destination, they are directed towards an entity of the attackers' choosing, usually a server controlled by the attacker. The victim is often unaware that their messages are not being processed correctly. For example, a targeted client may believe they are connecting to their own bank but, in fact, be connecting to a Pharming site controlled by the attacker which then collects the user's login information in order to hijack the actual bank account.
CAPEC-481: Contradictory Destinations in Traffic Routing Schemes
Adversaries can provide contradictory destinations when sending messages. Traffic is routed in networks using the domain names in various headers available at different levels of the OSI model. In a Content Delivery Network (CDN) multiple domains might be available, and if there are contradictory domain names provided it is possible to route traffic to an inappropriate destination. The technique, called Domain Fronting, involves using different domain names in the SNI field of the TLS header and the Host field of the HTTP header. An alternative technique, called Domainless Fronting, is similar, but the SNI field is left blank.
CAPEC-501: Android Activity Hijack
An adversary intercepts an implicit intent sent to launch a Android-based trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity's user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.
CAPEC-697: DHCP Spoofing
An adversary masquerades as a legitimate Dynamic Host Configuration Protocol (DHCP) server by spoofing DHCP traffic, with the goal of redirecting network traffic or denying service to DHCP.