Description
The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.
Published: 2026-06-12
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows users to bypass a connection confirmation pop‑up within the PcSuite application, removing a necessary step that otherwise requires user approval. This flaw is classified as an authorization bypass and could enable unintended actions to be carried out without explicit user consent. The CVSS score of 5.3 indicates a moderate severity, reflecting limited impact to confidentiality and availability but a noteworthy threat to integrity and proper authorization controls.

Affected Systems

The affected system is the vivo PcSuite application. No specific version information is listed, so all releases of this product are potentially vulnerable.

Risk and Exploitability

The CVSS base score of 5.3 signals moderate risk, yet the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. There is no disclosed exploit code, and the request path for exploitation is inferred to involve using the feature that triggers the confirmation pop‑up; the likely attack vector is local or possibly remote if the feature can be accessed over a network. The absence of exploitation data suggests that while the flaw exists, it is not yet widely leveraged by attackers.

Generated by OpenCVE AI on June 12, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update PcSuite to the latest version provided by vivo, as newer releases may contain a fix for the confirmation bypass.
  • If an update is unavailable, limit or disable the feature that triggers the connection confirmation pop‑up to prevent unauthorized use.
  • Monitor user activity logs for unexpected actions that might indicate the pop‑up has been bypassed and take corrective action if necessary.

Generated by OpenCVE AI on June 12, 2026 at 09:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 09:30:00 +0000

Type Values Removed Values Added
Title Bypass of Connection Confirmation Pop‑up in vivo PcSuite

Fri, 12 Jun 2026 08:30:00 +0000

Type Values Removed Values Added
Description The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.
Weaknesses CWE-807
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Vivo

Published:

Updated: 2026-06-12T13:47:01.315Z

Reserved: 2026-06-12T03:02:57.208Z

Link: CVE-2026-12058

cve-icon Vulnrichment

Updated: 2026-06-12T13:46:42.509Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T09:16:29.527

Modified: 2026-06-12T16:06:47.720

Link: CVE-2026-12058

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T09:30:07Z

Weaknesses
  • CWE-807

    Reliance on Untrusted Inputs in a Security Decision