CVE-2026-50244
Received - Intake
Registration Endpoint Enumeration in Naxclow Platform

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: ICS-CERT

Description
The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water counter value for the batch, allowing callers to measure and enumerate the active device space. The endpoint’s behavior enables precise fleet enumeration.
Meta Information

Published: 2026-06-12

Last Modified: 2026-06-12

Generated: 2026-06-13

AI Q&A: 2026-06-12

EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

The vulnerability in the Naxclow platform involves a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier without verifying if the caller actually owns that account.

Each request to this endpoint mints a new sequential device identifier and returns the current high-water counter value for the batch, which allows an attacker to measure and enumerate the active device space precisely.

Because there is no validation of ownership, unauthorized users can exploit this behavior to enumerate devices in the system.

Impact Analysis

This vulnerability allows unauthorized parties to enumerate the active devices registered in the Naxclow platform.

Such precise fleet enumeration can lead to information disclosure, potentially aiding attackers in mapping the device landscape and planning further attacks.
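The missing authorization check described above, next to a hardened handler, as an added sketch that is not Naxclow code. The HMAC-SHA256 signing scheme, the key-to-account ownership table, and every field, key and account name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data; key ids, account ids and field names are hypothetical.
API_KEYS = {"key-A": b"secret-A", "key-B": b"secret-B"}    # key id -> HMAC secret
KEY_OWNS = {"key-A": {"acct-100"}, "key-B": {"acct-200"}}  # key id -> accounts it may act for
_counters = {}                                             # batch prefix -> last serial issued
_devices = {}                                              # device id -> account id


def sign(key_id, batch, account):
    """Caller-side helper: HMAC-SHA256 over the request fields (assumed scheme)."""
    msg = f"{batch}|{account}".encode()
    return hmac.new(API_KEYS[key_id], msg, hashlib.sha256).hexdigest()


def _signature_ok(req):
    secret = API_KEYS.get(req["key_id"])
    if secret is None:
        return False
    msg = f"{req['batch']}|{req['account']}".encode()
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, req["sig"])


def register_vulnerable(req):
    """Behaviour as described: a valid signature is enough, the counter is returned."""
    if not _signature_ok(req):
        return {"status": 401}
    serial = _counters.get(req["batch"], 0) + 1
    _counters[req["batch"]] = serial
    device_id = f"{req['batch']}{serial:08d}"
    _devices[device_id] = req["account"]
    return {"status": 200, "device_id": device_id, "high_water": serial}


def register_hardened(req):
    """Adds the CWE-862 check and stops disclosing the batch counter."""
    if not _signature_ok(req):
        return {"status": 401}
    # Authorization: the authenticated key must own the target account.
    if req["account"] not in KEY_OWNS.get(req["key_id"], set()):
        return {"status": 403}
    # Random 64-bit suffix: successive responses reveal no ordering or count.
    device_id = f"{req['batch']}{secrets.token_hex(8)}"
    _devices[device_id] = req["account"]
    return {"status": 200, "device_id": device_id}
```

The hardened handler separates authentication (the signature) from authorization (ownership of the named account) and removes both signals that expose fleet size: the sequential identifier and the returned counter.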
