Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Microchip IStaX: Low-Privilege User Can Gain Admin Access
CVE-2026-2336
Summary
A security issue in Microchip IStaX allows a low-privileged user to gain admin access to the system by exploiting a vulnerability in the cookie system. This issue affects older versions of IStaX. To fix the issue, update to the latest version of Microchip IStaX.
Original title
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge...
Original description
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03.
nvd CVSS4.0
8.7
Vulnerability type
CWE-331
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026