CVE-2026-11889 PUBLISHED

SALTO ProAccess Space Authorization Bypass Through User-Controlled Key

Assigner: icscert
Reserved: 10.06.2026 Published: 16.07.2026 Updated: 17.07.2026

SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CVSS Score: 7.1

Product Status

Vendor SALTO
Product ProAccess Space
Versions Default: unaffected
  • affected from 0 to 6.13 (excl.)
  • Version 6.13 is unaffected

Solutions

Users of SALTO ProAccess using the tenancy feature should upgrade to version 6.13.

To further enhance security after applying the update: 

  • Operate ProAccess Space on a protected internal network and avoid exposing it directly to the Internet. 
  • Restrict operator-level accounts to the minimum required and apply least-privilege principles. 
  • If feasible, disable the partitioning feature and operate under a single partition. 
  • When strong tenant separation is required, consider running separate Space instances (isolated environments) rather than relying solely on logical partitioning.

Credits

  • Bernhard Lorenz of Limes Security reported this vulnerability to CISA. finder

References

Problem Types

  • CWE-639 CWE