CVE-2026-1453 PUBLISHED

Missing Authentication for Critical Function in KiloView Encoder Series

Assigner: icscert
Reserved: 26.01.2026 Published: 29.01.2026 Updated: 29.01.2026

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	KiloView
Product	Encoder Series E1 hardware Version 1.4
Versions	Default: unaffected Version 4.7.2516 is affected

Vendor	KiloView
Product	Encoder Series E1 hardware Version 1.6.20
Versions	Default: unaffected Version 4.7.2511 is affected Version 4.8.2523 is affected Version 4.8.2611 is affected Version 4.6.2400 is affected Version 4.7.2512 is affected Version 4.8.2561 is affected Version 4.8.2554 is affected Version 4.3.2029 is affected Version 4.8.2555 is affected Version 4.6.2408 is affected

Vendor	KiloView
Product	Encoder Series E1-s hardware Version 1.4
Versions	Default: unaffected Version 4.7.2516 is affected Version 4.8.2519 is affected Version 4.8.2525 is affected Version 4.8.2611 is affected Version 4.8.2561 is affected Version 4.8.2554 is affected Version 4.8.2523 is affected

Vendor	KiloView
Product	Encoder Series E2 hardware Version 1.7.20
Versions	Default: unaffected Version 4.8.2611 is affected Version 4.8.2561 is affected

Vendor	KiloView
Product	Encoder Series E2 hardware Version 1.8.20
Versions	Default: unaffected Version 4.8.2523 is affected Version 4.8.2611 is affected Version 4.8.2554 is affected

Vendor	KiloView
Product	Encoder Series G1 hardware Version 1.6.20
Versions	Default: unaffected Version 4.8.2561 is affected

Vendor	KiloView
Product	Encoder Series P1 hardware Version 1.3.20
Versions	Default: unaffected Version 4.8.2633 is affected Version 4.8.2608 is affected

Vendor	KiloView
Product	Encoder Series P2 hardware Version 1.8.20
Versions	Default: unaffected Version 4.8.2633 is affected

Vendor	KiloView
Product	Encoder Series RE1 hardware Version 2.0.00
Versions	Default: unaffected Version 4.7.2513 is affected

Vendor	KiloView
Product	Encoder Series RE1 hardware Version 3.0.00
Versions	Default: unaffected Version 4.8.2519 is affected Version 4.8.2561 is affected Version 4.8.2611 is affected Version 4.8.2525 is affected

Workarounds

KiloView has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of KiloView Encoder Series are invited to contact KiloView customer support for additional information.

CVE-2026-1453 PUBLISHED

Missing Authentication for Critical Function in KiloView Encoder Series

Metrics

Product Status

Workarounds

Credits

References

Problem Types