CVE-2026-1363 PUBLISHED

JNC|IAQS and I6 - Client-Side Enforcement of Server-Side Security

Assigner: twcert
Reserved: 23.01.2026 Published: 23.01.2026 Updated: 23.01.2026

IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor JNC
Product IAQS
Versions Default: unaffected
  • Version 0 is affected
Vendor JNC
Product I6
Versions Default: unaffected
  • Version 0 is affected

Solutions

The vendor has released a patch for devices using the M4 chip. Devices using the M3 chip do not support the update and are recommended to be replaced. Please contact the vendor to confirm which chip the device uses and take the appropriate actions accordingly.

References

Problem Types

  • CWE-603 Use of Client-Side Authentication CWE

Impacts

  • CAPEC-114 Authentication Abuse