Description
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges. This issue affects IStaX before 2026.03.
Published: 2026-04-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

Microchip IStaX implements a per-device cookie secret that is stored in the webstax_auth session cookie. An authenticated low-privileged user can retrieve this cookie secret from their own session cookie and use it to forge a cookie that grants administrative privileges. The vulnerability is a weakness of authentication enforcement (CWE-331) and allows an attacker who has already authenticated to elevate privileges to administrator level, providing full control over the device. The impact is a clear loss of integrity and confidentiality of the device’s configuration and data.

Affected Systems

Devices running Microchip IStaX firmware dated before the 2026.03 release are affected. The vulnerability does not affect later releases that include the hardening of the cookie authentication mechanism.

Risk and Exploitability

The CVSS score is 8.7, indicating a high severity vulnerability. While an EPSS score is not available, the lack of a KEV listing does not negate the risk; Microchip’s recommendation to restrict management access until an upgrade suggests the risk of exploitation is considered significant. The likely attack vector is via the device’s web management interface, meaning any party that can authenticate, even with low privileges, can leverage the flaw. Successful exploitation requires only a valid low-privilege account and no special network infrastructure beyond access to the web interface.

Generated by OpenCVE AI on April 17, 2026 at 02:54 UTC.

Remediation

Vendor Workaround

Restrict access to the management interface to trusted networks and trusted users until devices can be upgraded.


OpenCVE Recommended Actions

  • Upgrade the device to IStaX version 2026.03 or later, which fixes the cookie authentication flaw.
  • If an immediate upgrade is not possible, apply any vendor-supplied patch that addresses the issue before the issue becomes widely publicized.
  • Until a patch or upgrade is available, restrict the management interface to trusted networks and enforce access controls for trusted users, following the vendor’s recommended workaround.


Advisories

No advisories yet.

History

Thu, 16 Apr 2026 19:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Microchip; Microchip istax
Vendors & Products                    Microchip; Microchip istax

Thu, 16 Apr 2026 18:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Apr 2026 17:30:00 +0000

Type          Values Removed   Values Added
Description                    A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges. This issue affects IStaX before 2026.03.
Title                          Weak webstax_auth Cookie Authentication Allows Privilege Escalation
Weaknesses                     CWE-331
References
Metrics                        cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H'}


MITRE

Status: PUBLISHED

Assigner: Microchip

Published:

Updated: 2026-04-16T17:34:39.672Z

Reserved: 2026-02-11T10:30:26.167Z

Link: CVE-2026-2336

Vulnrichment

Updated: 2026-04-16T17:34:36.932Z

NVD

Status : Awaiting Analysis

Published: 2026-04-16T18:16:44.927

Modified: 2026-04-17T15:17:00.957

Link: CVE-2026-2336

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T03:00:08Z

Weaknesses