CVE-2026-28767 - Vulnerability Analysis

Overview

An unspecified product contains a broken access control vulnerability caused by an administrative endpoint 'notifications' accessible without proper authentication, letting unauthenticated attackers access administrative functions.

Severity & Score

Impact

Unauthenticated attackers can access administrative functions, potentially leading to unauthorized data access or modification.

Mitigation

Restrict access to the administrative endpoint 'notifications' with proper authentication.

References

• https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json
• https://mygardyn.com/security/
• https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner