CVE-2026-24711
5.3 MEDIUMNorthern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control
Published: 2026-05-14 · Last updated: 2026-05-19
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-284
Affected products
| Vendor | Product |
|---|---|
| northern.tech | cfengine |
Description
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-24712 — Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection (7.3 HIGH)
- CVE-2026-24710 — Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS (6.1 MEDIUM)
Same CWE
- CVE-2026-47261 — Wasmtime is a runtime for WebAssembly (7.5 HIGH)
- CVE-2026-50892 — Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attacke... (6.5 MEDIUM)
- CVE-2026-50891 — Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a cra... (8.1 HIGH)
- CVE-2026-50886 — Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources vi... (9.1 CRITICAL)
- CVE-2026-50885 — Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allow unauthorized attackers to access sensitive... (7.5 HIGH)