CVE-2026-8673

5.9 MEDIUM

Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks

Published: 2026-05-22 · Last updated: 2026-06-02

Severity and scoring

CVSS: 5.9 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-523

Affected products

Vendor	Product
avantra	avantra

Description

Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-8673
[Vendor advisory]https://support.avantra.com/hc/en-us/articles/5535621927071

Related CVEs

Same vendor

CVE-2026-8672 — Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords (5.1 MEDIUM)
CVE-2026-8671 — Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Expo... (7.5 HIGH)
CVE-2026-8670 — Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Re... (9.6 CRITICAL)

Same CWE

CVE-2026-36610 — Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding (5.9 MEDIUM)