partition is vulnerable to a privilege escalation attack that could
allow an authorized attacker to access any space managed by the affected
product.
No analysis available yet.
Vendor Solution
Users of SALTO ProAccess using the tenancy feature should upgrade to version 6.13. To further enhance security after applying the update: * Operate ProAccess Space on a protected internal network and avoid exposing it directly to the Internet. * Restrict operator-level accounts to the minimum required and apply least-privilege principles. * If feasible, disable the partitioning feature and operate under a single partition. * When strong tenant separation is required, consider running separate Space instances (isolated environments) rather than relying solely on logical partitioning.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 16 Jul 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product. | |
| Title | SALTO ProAccess Space Authorization Bypass Through User-Controlled Key | |
| Weaknesses | CWE-639 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2026-07-16T20:38:46.479Z
Reserved: 2026-06-10T14:40:08.574Z
Link: CVE-2026-11889
No data.
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-639
Authorization Bypass Through User-Controlled Key