CVE-2026-0873

On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator.

CVSS

No CVSS.

References

Link	Resource
https://info.cryptobox.com/doc/v4.40/4.40.en/

Configurations

No configuration.

History

No history.

Information

Published : 2026-02-04 11:16

Updated : 2026-02-04 16:33

NVD link : CVE-2026-0873

Mitre link : CVE-2026-0873

CVE.ORG link : CVE-2026-0873

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1220

Insufficient Granularity of Access Control

{"id": "CVE-2026-0873", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@thalesgroup.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-04T11:16:02.797", "references": [{"url": "https://info.cryptobox.com/doc/v4.40/4.40.en/", "source": "psirt@thalesgroup.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@thalesgroup.com", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-1220"}]}], "descriptions": [{"lang": "en", "value": "On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator."}, {"lang": "es", "value": "En una plataforma Cryptobox donde se utiliza la segregaci\u00f3n de administradores basada en entidades, algunas vulnerabilidades en la consola de administraci\u00f3n Ercom Cryptobox permiten a un administrador de entidad autenticado con conocimiento elevar su cuenta a administrador global."}], "lastModified": "2026-02-04T16:33:44.537", "sourceIdentifier": "psirt@thalesgroup.com"}

CVE-2026-0873

JSON object

Attach tags to CVE-2026-0873

Attach tags to `CVE-2026-0873`