CVE-2026-12352 PUBLISHED

Incorrect Authorization

Assigner: Digi
Reserved: 15.06.2026 Published: 07.07.2026 Updated: 07.07.2026

This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 5.9

Product Status

Vendor Digi International
Product PortServer TS 1/2/4
Versions Default: unaffected
  • affected from 82000747_V1 to 82000747_AB (incl.)
Vendor Digi International
Product Digi One SP / SP IA / IA
Versions Default: unaffected
  • affected from 82000774-W to 93000459_AB (incl.)

References

Problem Types

  • CWE-863 CWE