CVE-2026-27668 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: April 14, 2026
RUGGEDCOM CROSSBOW Secure Access Manager Primary - Broken Access Control
Published: April 14, 2026Updated: April 14, 2026Remote Exploitable
Overview
RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) < V5.8 contains a broken access control vulnerability caused by User Administrators being able to administer groups they belong to, letting authenticated User Administrators escalate privileges to any device group, exploit requires authenticated User Administrator privileges.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated User Administrators can escalate privileges to access any device group at any access level.
Mitigation
Update to version 5.8 or later.
Related Resources
Details
- CVE ID
- CVE-2026-27668
- Severity
- High
- CVSS Score
- 8.8
- Type
- broken_access_control
- Status
- new
CWE
- CWE-266
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H