Home / Vulnerability Intelligence / CVE-2026-27515

CVE-2026-27515 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: February 25, 2026

Binardat 10G08-0800GSM - Authentication Bypass

Published: February 24, 2026Updated: February 25, 2026Remote Exploitable

Overview

Binardat 10G08-0800GSM network switch firmware < V300SP10260209 contains a session hijacking vulnerability caused by predictable numeric session identifiers in the web management interface, letting attackers hijack authenticated sessions, exploit requires guessing valid session IDs.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 3.1%(Probability of exploitation in next 30 days)

Impact

Attackers can hijack authenticated sessions, gaining unauthorized access to the management interface.

Mitigation

Update to firmware version V300SP10260209 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 24, 2026

🔴 CVE-2026-27515 - Critical (9.1) Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27515/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-27515
Severity: Critical
CVSS Score: 9.1
Type: broken_authentication
Status: confirmed
EPSS: 3.1%
Social Posts: 1

CWE

CWE-330

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

3.1%Probability of exploitation in the next 30 days