Security Advisory

CVE-2026-22906

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-09 07:40:33

Last updated 2026-02-09 15:31:17

Assigner CERTVDE

State PUBLISHED

Description

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.

← Browse all CVEs View on cve.org ↗