Security Advisory

CVE-2026-31848

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-23 12:09:30
Last updated 2026-03-26 10:45:19
Assigner TuranSec
State PUBLISHED

Description

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid cookie value without proper authentication. This allows unauthorized administrative access to protected endpoints.