CVE-2026-5794
Received
Received - Intake
Account Lockout Vulnerability in Cryptobox Enables Denial of Service
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: Thales Group
Description
Description
A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| thalesgroup | cryptobox | * |
| thales | cryptobox | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-694 | The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects certain detailed versions of Cryptobox and allows a legitimate user to prevent another user from logging in.
It is triggered by sending a specially crafted request that causes an account lockout for the targeted user.
How can this vulnerability impact me? :
The vulnerability can impact you by enabling a legitimate user to lock out another user from accessing their account.
This denial of access could disrupt normal operations or prevent legitimate users from using the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70