CVE-2026-9642
Received Received - Intake
Mitigation Bypass for Unauthenticated Remote Database Access in DIAView

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: Tenable Network Security, Inc.

Description
There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access) An unauthenticated remote attacker can access configured databases in a DIAView project.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-26
Generated
2026-05-27
AI Q&A
2026-05-27
EPSS Evaluated
N/A
NVD
CVE-2026-9642
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-321 The product uses a hard-coded, unchangeable cryptographic key.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a mitigation bypass or incomplete fix related to a previous issue identified as CVE-2025-62582, which involved unauthenticated remote database access.

Specifically, an unauthenticated remote attacker can access configured databases within a DIAView project, meaning they do not need valid credentials to gain access.


How can this vulnerability impact me? :

This vulnerability can have severe impacts because it allows an unauthenticated attacker to remotely access databases.

  • Confidentiality can be compromised (C:H) as sensitive data in the databases may be exposed.
  • Integrity can be compromised (I:H) since attackers might alter or corrupt data.
  • Availability can be compromised (A:H) as attackers could disrupt database services.

The high CVSS score of 9.8 indicates this is a critical vulnerability with network attack vector, low attack complexity, no privileges or user interaction required.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart