Description
Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7.
Published: 2026-03-25
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

The vulnerability stems from incorrect privilege assignment in HYPR Server, allowing a user or process to elevate its privileges beyond intended boundaries. This flaw enables an adversary to gain higher-level access, potentially compromising confidentiality, integrity, and availability of the system. The weakness is identified as a failure of authorization controls.

Affected Systems

HYPR, Server product, is affected for all releases from version 10.5.1 up to but not including 10.7. Users running any of these versions should verify their system against the vulnerability.

Risk and Exploitability

Commercial security ratings assign a CVSS score of 5.8, indicating moderate severity, and the EPSS score is unavailable. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is that an attacker with limited access to the server environment could exploit the privilege assignment flaw to elevate privileges. This inference is drawn from the mention of privilege escalation and lacks explicit details on the precise exploitation method.

Generated by OpenCVE AI on March 25, 2026 at 19:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest HYPR Server update that addresses the privilege assignment flaw.
  • Verify the server version is not within the 10.5.1 through 10.6.x range and monitor for any unusual privilege escalation activity.

Generated by OpenCVE AI on March 25, 2026 at 19:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Hypr
Hypr server
Vendors & Products Hypr
Hypr server

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Privilege Escalation in HYPR Server via Inadequate Privilege Assignment

Wed, 25 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Description Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7.
Weaknesses CWE-266
References
Metrics cvssV4_0

{'score': 5.8, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/AU:N'}

Subscriptions

Hypr Server
cve-icon MITRE

Status: PUBLISHED

Assigner: HYPR

Published:

Updated: 2026-03-27T03:55:32.320Z

Reserved: 2026-01-30T18:34:14.044Z

Link: CVE-2026-1712

cve-icon Vulnrichment

Updated: 2026-03-26T17:25:00.504Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T17:16:29.773

Modified: 2026-03-26T15:13:15.790

Link: CVE-2026-1712

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T11:34:27Z

Weaknesses