CVE-2026-0873

On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator.

CVSS

No CVSS.

References

Link	Resource
https://info.cryptobox.com/doc/v4.40/4.40.en/

Configurations

No configuration.

History

04 Feb 2026, 11:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-04 11:16

Updated : 2026-02-04 16:33

NVD link : CVE-2026-0873

Mitre link : CVE-2026-0873

CVE.ORG link : CVE-2026-0873

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1220

Insufficient Granularity of Access Control

{"id": "CVE-2026-0873", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@thalesgroup.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-04T11:16:02.797", "references": [{"url": "https://info.cryptobox.com/doc/v4.40/4.40.en/", "source": "psirt@thalesgroup.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@thalesgroup.com", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-1220"}]}], "descriptions": [{"lang": "en", "value": "On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator."}], "lastModified": "2026-02-04T16:33:44.537", "sourceIdentifier": "psirt@thalesgroup.com"}

CVE-2026-0873

JSON object

Attach tags to CVE-2026-0873

Attach tags to `CVE-2026-0873`