CVE-2026-41993
Received Received - Intake

Improper Access Control in TXOne Networks Products

Vulnerability report for CVE-2026-41993, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: TXOne

Description

Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy unauthorized file on the removable media in advance. This issue affects SafePortAgent: before 3.2.5024; StellarProtect: from 3.2.4011 before 5.0.1083.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
txone_networks safeportagent to 3.2.5024 (exc)
txone_networks stellarprotect From 3.2.4011 (inc) to 5.0.1083 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an improper access control issue in TXOne Networks products that allows a local attacker with admin privileges to bypass file lockdown mechanisms on removable media. The attacker must first place an unauthorized file on the media before exploiting the flaw to transfer it to a victim device.

Detection Guidance

This vulnerability requires local administrator access and involves removable media validation bypass. Detection may involve checking installed versions of SafePortAgent and StellarProtect against vulnerable ranges. Review removable media access logs for unauthorized file transfers or bypass attempts.

Impact Analysis

If you use affected TXOne Networks products (SafePortAgent before 3.2.5024 or StellarProtect between 3.2.4011 and 5.0.1083), an attacker could bypass security controls and transfer malicious files to your system via removable media, potentially leading to system compromise or data breaches.

Compliance Impact

This vulnerability could lead to unauthorized file transfers, potentially violating data protection requirements under GDPR or HIPAA by allowing unauthorized access to sensitive data. Organizations using affected products may face compliance risks if the flaw enables data breaches.

Mitigation Strategies

Update SafePortAgent to version 3.2.5024 or later and StellarProtect to version 5.0.1083 or later to address the improper access control vulnerability in the Removable Media Validation function.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41993. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart