CVE-2026-0393
Last modified
CVE-2026-0393 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session.. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Codesys | Visualization | >= 1.0.0.0, < 4.10.0.0 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-0393?
How severe is CVE-2026-0393?
How do I fix CVE-2026-0393?
Are you affected by CVE-2026-0393?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST