Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
CVE-2024-46948: Northern.tech Mender: Unauthorized Access to Device Data
CVE-2024-46948
Summary
A security issue in Northern.tech Mender allows attackers to access sensitive information on devices. This could lead to unauthorized access to data and potentially disrupt device management. Update to Mender version 3.6.5 or 3.7.5 or later to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| northern.tech | mender |
< 3.6.5 >= 3.7.0, < 3.7.5 cpe:2.3:a:northern.tech:mender:*:*:*:*:-:*:*:* |
Original title
Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.
Original description
Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.
nvd CVSS3.1
4.3
Vulnerability type
CWE-284
Improper Access Control
- https://mender.io/blog/cve-2024-46948 Patch Vendor Advisory
Published: 8 Nov 2024 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026