CVE-2023-26150

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 3, 2023

Updated: Nov 7, 2023

CWE ID 287

Summary

CVE-2023-26150 is a cybersecurity vulnerability affecting versions of the package asyncua prior to 0.9.96. This issue allows unauthenticated access to the Address Space without encryption due to missing checks for services that require active sessions. An adversary can exploit this vulnerability to gain unauthorized access to sensitive data or control systems, potentially leading to serious consequences. Organizations using asyncua are urged to upgrade to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s3jVI-
https://www.cve.org/CVERecord?id=CVE-2023-26150
https://nvd.nist.gov/vuln/detail/CVE-2023-26150

Back to Vulnerability Database

CVE-2023-26150

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations