CVE-2026-50214
Received - Intake
Global API Token Authentication Bypass in Plan Service

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.
Meta Information
Published: 2026-06-04
Last Modified: 2026-06-04
Generated: 2026-06-04
AI Q&A: 2026-06-04
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-345
Description: The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists because the /v1/Plan service uses a single shared global API token for full administrative management. This means that anyone who obtains this token can create network access plans arbitrarily, including zero-cost plans, without any restrictions.


How can this vulnerability impact me?

The impact of this vulnerability is severe because an attacker can use the shared global API token to create unlimited zero-cost network access plans. This could lead to unauthorized access, financial loss, and potential abuse of network resources.

