Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
SINEC NMS versions before V4.0 SP3 allow unauthorized access
CVE-2026-24032
Summary
A weakness in SINEC NMS's user authentication means an attacker can gain access without a password. This could let an attacker access the application without permission, which could lead to sensitive data being compromised. Install the latest version of SINEC NMS, V4.0 SP3 or later, to fix this issue.
Original title
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in ...
Original description
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component.
This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. (ZDI-CAN-27564)
This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. (ZDI-CAN-27564)
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-347
Improper Verification of Cryptographic Signature
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026