CVE-2026-0873
Unknown Unknown - Not Provided
Privilege Escalation in Ercom Cryptobox Admin Console

Publication date: 2026-02-04

Last updated on: 2026-02-04

Assigner: Thales Group

Description
On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-04
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-0873
EUVD
EUVD-2026-5513
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
ercom cryptobox 4.40
ercom cryptobox-cfsb 4.38.295
ercom helm_chart 4.40.166
ercom mobile_apps_for_android 4.40.153
ercom mobile_apps_for_ios 4.40.152
ercom desktop_sync_clients 4.40.152
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-1220 The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Ercom Cryptobox administration console on a platform where administrator segregation based on entities is used. It allows an authenticated entity administrator, who already has some level of access, to elevate their account privileges to that of a global administrator.

Impact Analysis

The vulnerability can impact you by allowing an entity administrator to gain unauthorized global administrator privileges. This elevation of privilege could lead to broader access and control over the Cryptobox platform than intended, potentially compromising the security and integrity of the system and its data.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the vulnerability in the Ercom Cryptobox administration console that allows an authenticated entity administrator to elevate privileges to global administrator, it is recommended to update to the latest Cryptobox version 4.40 or later.

The Cryptobox 4.40 release includes multiple security improvements and updates to underlying components such as mbedTLS, Alpine Linux, and Django, which may address this and other vulnerabilities.

Additionally, ensure that administrator segregation policies are properly enforced and review administrator accounts for any unauthorized privilege escalations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0873. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart