7.3
CVE-2026-0541
- EPSS 0.1%
- Veröffentlicht 12.05.2026 05:42:27
- Zuletzt bearbeitet 19.05.2026 15:40:24
- Quelle product-security@axis.com
- CVE-Watchlists
- Unerledigt
ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.009 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| product-security@axis.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
https://www.axis.com/dam/public/fa/50/c7/cve-2026-0541pdf-en-US-530730.pdf