Description
SALTO ProAccess Space software using the tenancy feature / logical
partition is vulnerable to a privilege escalation attack that could
allow an authorized attacker to access any space managed by the affected
product.
Published: 2026-07-16
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

Users of SALTO ProAccess using the tenancy feature should upgrade to version 6.13. To further enhance security after applying the update:  * Operate ProAccess Space on a protected internal network and avoid exposing it directly to the Internet.  * Restrict operator-level accounts to the minimum required and apply least-privilege principles.  * If feasible, disable the partitioning feature and operate under a single partition.  * When strong tenant separation is required, consider running separate Space instances (isolated environments) rather than relying solely on logical partitioning.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Jul 2026 21:00:00 +0000

Type Values Removed Values Added
Description SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product.
Title SALTO ProAccess Space Authorization Bypass Through User-Controlled Key
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-07-16T20:38:46.479Z

Reserved: 2026-06-10T14:40:08.574Z

Link: CVE-2026-11889

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-639

    Authorization Bypass Through User-Controlled Key