TimePictra Missing Authentication for Critical Configuration Changes

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.3

TimePictra Missing Authentication for Critical Configuration Changes

CVE-2026-2844

Summary

An attacker can manipulate critical settings in TimePictra versions 11.0 through 11.3 SP2 without proper authentication. This can lead to unintended system behavior, potentially disrupting operations or compromising data. Update to the latest version to ensure authentication is enforced for all critical functions.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
microchip	timepictra	> 11.0 , <= 11.3	–
microchip	timepictra	11.3	–
microchip	timepictra	11.3	–

Original title

Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2.

Original description

Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2.

nvd CVSS4.0 9.3

Vulnerability type

CWE-306 Missing Authentication for Critical Function

https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-...

Published: 28 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026