CVE-2026-0873
Unknown Unknown - Not Provided

Privilege Escalation in Ercom Cryptobox Admin Console

Vulnerability report for CVE-2026-0873, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-04

Last updated on: 2026-02-04

Assigner: Thales Group

Description

On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-04
Last Modified
2026-02-04
Generated
2026-07-06
AI Q&A
2026-02-04
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
ercom cryptobox 4.40
ercom cryptobox-cfsb 4.38.295
ercom helm_chart 4.40.166
ercom mobile_apps_for_android 4.40.153
ercom mobile_apps_for_ios 4.40.152
ercom desktop_sync_clients 4.40.152

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1220 The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Ercom Cryptobox administration console on a platform where administrator segregation based on entities is used. It allows an authenticated entity administrator, who already has some level of access, to elevate their account privileges to that of a global administrator.

Impact Analysis

The vulnerability can impact you by allowing an entity administrator to gain unauthorized global administrator privileges. This elevation of privilege could lead to broader access and control over the Cryptobox platform than intended, potentially compromising the security and integrity of the system and its data.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the vulnerability in the Ercom Cryptobox administration console that allows an authenticated entity administrator to elevate privileges to global administrator, it is recommended to update to the latest Cryptobox version 4.40 or later.

The Cryptobox 4.40 release includes multiple security improvements and updates to underlying components such as mbedTLS, Alpine Linux, and Django, which may address this and other vulnerabilities.

Additionally, ensure that administrator segregation policies are properly enforced and review administrator accounts for any unauthorized privilege escalations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0873. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart