CVE-2026-22096
Received
Received - Intake
Authentication Bypass in Webserver on Port 8090
Vulnerability report for CVE-2026-22096, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-13
Last updated on: 2026-07-13
Assigner: Dutch Institute for Vulnerability Disclosure
Description
Description
The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |