Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
REB500: Unauthorized Access to Sensitive Files
CVE-2026-2459
Summary
An authenticated user with the Installer role can access and modify files they shouldn't be able to, potentially leading to data corruption or unauthorized changes. This could allow an attacker to make unintended modifications to the system, compromising its integrity. To address this, ensure the Installer role only has the necessary permissions and consider restricting access to sensitive directories.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| hitachienergy | reb500_firmware | <= 8.3.3.1 | – |
Original title
A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.
Original description
A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.
nvd CVSS3.1
8.1
nvd CVSS4.0
7.4
Vulnerability type
CWE-267
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026