CVE-2026-0873

On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator.

CVSS

No CVSS.

References

Link	Resource
https://info.cryptobox.com/doc/v4.40/4.40.en/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) En una plataforma Cryptobox donde se utiliza la segregación de administradores basada en entidades, algunas vulnerabilidades en la consola de administración Ercom Cryptobox permiten a un administrador de entidad autenticado con conocimiento elevar su cuenta a administrador global.

04 Feb 2026, 11:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-04 11:16

Updated : 2026-04-15 00:35

NVD link : CVE-2026-0873

Mitre link : CVE-2026-0873

CVE.ORG link : CVE-2026-0873

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1220

Insufficient Granularity of Access Control

{"id": "CVE-2026-0873", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@thalesgroup.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-04T11:16:02.797", "references": [{"url": "https://info.cryptobox.com/doc/v4.40/4.40.en/", "source": "psirt@thalesgroup.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@thalesgroup.com", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-1220"}]}], "descriptions": [{"lang": "en", "value": "On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator."}, {"lang": "es", "value": "En una plataforma Cryptobox donde se utiliza la segregaci\u00f3n de administradores basada en entidades, algunas vulnerabilidades en la consola de administraci\u00f3n Ercom Cryptobox permiten a un administrador de entidad autenticado con conocimiento elevar su cuenta a administrador global."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@thalesgroup.com"}