CVE-2026-35097
Status: Deferred - Pending Action

Brute-Force Vulnerability in KTM System e-BOK

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: CERT.PL

Description

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026.

Meta Information

Published: 2026-06-30
Last Modified: 2026-06-30
Generated: 2026-06-30
AI Q&A: 2026-06-30
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor: ktm_system
Product: ktm_system_e-bok
Version / Range: to 2026-06-01 (exc)

Exploitability

CWE ID: CWE-521
Description: The product does not require that users should have strong passwords.

Impact Analysis

This vulnerability significantly weakens password security: limiting passwords to six numeric digits reduces their complexity and makes them easier to guess or brute-force.

Mitigation Strategies

The vulnerability was fixed in a patch published in June 2026. The immediate mitigation is to apply the vendor's patch as soon as possible.

Executive Summary

The vulnerability in the KTM System e-BOK is that it enforces a maximum password length of only six numeric digits and does not allow the use of alphabetic, special, or extended characters.
