CVE-2026-11889
Received
Received - Intake
Privilege Escalation in SALTO ProAccess Space via Tenancy Feature
Vulnerability report for CVE-2026-11889, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-16
Last updated on: 2026-07-16
Assigner: ICS-CERT
Description
Description
SALTO ProAccess Space software using the tenancy feature / logical
partition is vulnerable to a privilege escalation attack that could
allow an authorized attacker to access any space managed by the affected
product.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| salto | proaccess_space | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |