CVE-2026-22624
Unknown
Unknown - Not Provided
Improper Access Control in HIKSEMI NAS Allows Unauthorized File Manipulation
Vulnerability report for CVE-2026-22624, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-01-30
Last updated on: 2026-02-27
Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.
Description
Description
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hiksemi | nas | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |