CVE-2026-32646 - Vulnerability Analysis
HighCVSS: 7.5Last Updated: April 3, 2026
Device Management - Broken Access Control
Published: April 3, 2026Updated: April 3, 2026PoC AvailableRemote Exploitable
Overview
A device management product contains a broken access control vulnerability caused by an administrative endpoint accessible without proper authentication, letting attackers access device management functions without authorization, exploit requires no special privileges.
Severity & Score
Severity: High
CVSS Score: 7.5
Impact
Attackers can access and manipulate device management functions without authorization, potentially compromising device security and control.
Mitigation
Restrict access to the administrative endpoint by implementing proper authentication and authorization controls.
References
Related Resources
Details
- CVE ID
- CVE-2026-32646
- Severity
- High
- CVSS Score
- 7.5
- Type
- broken_access_control
- Status
- new
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N