CVE-2026-5756 - Vulnerability Details

- Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS)

Description

Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services.

Published: 2026-04-14

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability allows an attacker who is not authenticated to modify the server’s configuration file in DRC Central Office Services (COS). This flaw can enable mass data exfiltration, interception of malicious traffic, or disruption of testing services. The flaw represents a weakness in access control, equivalent to an improper authorization issue that undermines confidentiality and integrity of the system’s configuration.

Affected Systems

Data Recognition Corporation’s Central Office Services – Content Hosting Component. No specific version information is provided, so any installation of this component is potentially impacted.

Risk and Exploitability

The vulnerability is likely exploitable via network channels that grant write access to configuration files, given the lack of authentication requirements. With no EPSS score and no listing in CISA’s KEV catalog, the exact exploit probability is unknown; however, the absence of authentication suggests a high risk if left unmitigated. No CVSS score is available, so the severity remains undetermined. Potential attackers could alter service parameters, potentially redirect traffic or exfiltrate data, making this a high‑impact vulnerability if exploited.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Data Recognition Corporation

Central Office Services - Content Hosting Component

affected

Version	Status	Constraints
`975`	affected	—

No data.

Vendor Product Confidence Versions

Data Recognition Corporation

Central Office Services - Content Hosting Component

100%

Version	Status	Scheme	Platform
`975`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the Data Recognition Corporation website or support portal for a patch or update for Central Office Services.
Apply any released patch or upgrade to the latest version of Central Office Services as soon as it becomes available.
If an update is not available, isolate the Central Office Services component from external networks or restrict it to a trusted internal segment.
Disable remote configuration modification capabilities or block write access to configuration files via firewall or file‑system permissions.
Enable logging of configuration file changes and monitor logs for unauthorized modifications.
Conduct a vulnerability assessment or penetration testing to confirm whether the configuration file remains protected.

Generated by OpenCVE AI on April 14, 2026 at 20:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00026.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.datarecognitioncorp.com/

History

Wed, 15 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Data Recognition Corporation Data Recognition Corporation central Office Services - Content Hosting Component
Vendors & Products		Data Recognition Corporation Data Recognition Corporation central Office Services - Content Hosting Component

Wed, 15 Apr 2026 14:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284 CWE-862

Tue, 14 Apr 2026 18:15:00 +0000

Type	Values Removed	Values Added
Description		Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services.
Title		Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS)
References		https://www.datarecognitioncorp.com/

Subscriptions

Data Recognition Corporation Central Office Services - Content Hosting Component

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2026-04-14T17:51:53.628Z

Updated: 2026-04-14T17:51:53.628Z

Reserved: 2026-04-07T16:42:45.597Z

Link: CVE-2026-5756

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-14T18:17:39.600

Modified: 2026-04-14T18:17:39.600

Link: CVE-2026-5756

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T14:53:59Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object