CVE-2026-0393
6.5 MEDIUM
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to...
Published: 2026-05-21 · Last updated: 2026-06-01
Severity and scoring
- CVSS: 6.5 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- CWE: CWE-522
Affected products
| Vendor | Product |
|---|---|
| codesys | visualization |
Description
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-44469 — The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative instal... (7.8 HIGH)
- CVE-2026-44468 — The affected product creates a directory with insecure default permissions during administrative installation (7.8 HIGH)
- CVE-2021-33485 — CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow (9.8 CRITICAL)
- CVE-2021-29241 — CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS) (7.5 HIGH)
Same CWE
- CVE-2026-41715 — In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials (6.1 MEDIUM)
- CVE-2026-39908 — OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the N... (6.5 MEDIUM)
- CVE-2026-46440 — Flowise is a drag & drop user interface to build a customized large language model flow (9.1 CRITICAL)
- CVE-2026-46511 — HAX CMS helps manage microsite universe with PHP or NodeJs backends
- CVE-2026-7313 — CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote a... (8.7 HIGH)