CVE-2023-26150

Name: CVE-2023-26150
Creator: NVD / NIST
Published: 2023-10-03T05:15:49.963+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.45%

Last modified Jun 17, 2026

CVE-2023-26150 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.. EPSS estimates a 0.45% chance of exploitation in the next 30 days.

Description

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.45%

36.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Freeopcua	Opcua-Asyncio	< 0.9.96

References

https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121Exploit, Third Party Advisory
https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2bb7147844aPatch
https://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a97296b59cde513Patch
https://github.com/FreeOpcUa/opcua-asyncio/issues/1014Exploit, Issue Tracking, Third Party Advisory
https://github.com/FreeOpcUa/opcua-asyncio/pull/1015Patch
https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96Product, Release Notes
https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435Exploit, Patch, Third Party Advisory
https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121Exploit, Third Party Advisory
https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2bb7147844aPatch
https://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a97296b59cde513Patch
https://github.com/FreeOpcUa/opcua-asyncio/issues/1014Exploit, Issue Tracking, Third Party Advisory
https://github.com/FreeOpcUa/opcua-asyncio/pull/1015Patch
https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96Product, Release Notes
https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435Exploit, Patch, Third Party Advisory

Timeline

Published: Oct 3, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-26150?

How severe is CVE-2023-26150?

CVE-2023-26150 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.45% probability of exploitation in the next 30 days.

How do I fix CVE-2023-26150?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-26150?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST