Description
InfoScale CmdServer before 7.4.2 mishandles access control.
Published: 2026-05-20
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an access‑control bypass in InfoScale CmdServer versions earlier than 7.4.2. It allows an attacker to circumvent the authentication and authorization checks that protect the command interface, enabling the execution of privileged operations, modification of configuration settings, or other actions that compromise the management capabilities of the system.

Affected Systems

Any installation of InfoScale CmdServer that is running a version prior to 7.4.2 is susceptible. The advisory does not name a specific vendor, but the product is typically deployed as the central command and control component for certain storage appliance environments.

Risk and Exploitability

The flaw carries a CVSS score of 8.8, indicating high severity. The EPSS score is not available, and the vulnerability is not currently listed in CISA’s KEV catalog, so no public exploitation has been reported. Based on the description, the attack is likely to be carried out remotely via the network‑exposed CmdServer interface, or locally if an attacker can reach the service through an accessible port or gain local access to the host.

Generated by OpenCVE AI on May 20, 2026 at 19:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch that upgrades InfoScale CmdServer to version 7.4.2 or later.
  • Limit the CmdServer interface to trusted IP addresses and enforce strong authentication, using firewall rules or access control lists to prevent unwanted traffic.
  • Configure the operating system and application permissions so that the CmdServer process runs with the minimum privileges required for its operations.

Generated by OpenCVE AI on May 20, 2026 at 19:51 UTC.

Advisories

No advisories yet.

History

Wed, 20 May 2026 20:15:00 +0000

Type Values Removed Values Added
Title InfoScale CmdServer Access Control Bypass Before 7.4.2

Wed, 20 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 20 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title InfoScale CmdServer Access Control Bypass Before 7.4.2
Weaknesses CWE-284

Wed, 20 May 2026 16:45:00 +0000


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-20T17:49:42.787Z

Reserved: 2026-05-08T00:00:00.000Z

Link: CVE-2026-44926

Vulnrichment

Updated: 2026-05-20T17:46:27.530Z

NVD

Status: Awaiting Analysis

Published: 2026-05-20T17:16:24.357

Modified: 2026-05-20T20:16:40.517

Link: CVE-2026-44926

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T20:00:12Z

Weaknesses