Security Advisory

CVE-2026-31849

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-23 12:16:59
Last updated 2026-03-26 10:45:40
Assigner TuranSec
State PUBLISHED

Description

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings.
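
The missing control, sketched as an added example (not vendor code and not part of the original advisory): a same-origin check that the firmware, or a reverse proxy placed in front of the admin interface, could apply to every request for a state-changing endpoint. The /goform/ prefix rule, the function names and the sample requests are assumptions constructed for illustration; the advisory names only /goform/setSysTools.

```python
from urllib.parse import urlsplit

# Assumption: state-changing handlers share this prefix; the advisory names
# only /goform/setSysTools and "other administrative interfaces".
STATE_CHANGING_PREFIX = "/goform/"


def source_host(headers):
    """host[:port] the browser reports as the request's source, None if absent."""
    value = headers.get("origin") or headers.get("referer")
    if value is None:
        return None
    # "Origin: null" (opaque origin) has no netloc and yields "", never a match.
    return urlsplit(value).netloc.lower()


def check_request(path, headers):
    """Return (allowed, reason) for one request to the admin interface."""
    h = {k.lower(): v for k, v in headers.items()}
    if not path.startswith(STATE_CHANGING_PREFIX):
        return True, "not a state-changing endpoint"
    # Browsers send Sec-Fetch-Site only to trustworthy (HTTPS) URLs, so on a
    # plain-HTTP admin UI the Origin/Referer comparison below is what applies.
    site = h.get("sec-fetch-site")
    if site is not None:
        return site in ("same-origin", "none"), f"Sec-Fetch-Site: {site}"
    src = source_host(h)
    if src is None:
        return False, "no Origin or Referer header"
    host = h.get("host", "").lower()
    return src == host, f"request from {src or 'opaque origin'} to {host}"


# Constructed sample requests (path, headers); addresses and hosts are made up.
SAMPLE_REQUESTS = [
    ("/goform/setSysTools", {"Host": "192.168.0.1", "Origin": "http://192.168.0.1",
                             "Sec-Fetch-Site": "same-origin"}),
    ("/goform/setSysTools", {"Host": "192.168.0.1", "Origin": "http://other.example",
                             "Sec-Fetch-Site": "cross-site"}),
    ("/goform/setSysTools", {"Host": "192.168.0.1",
                             "Referer": "http://other.example/page"}),
    ("/goform/setSysTools", {"Host": "192.168.0.1"}),
    ("/index.html", {"Host": "192.168.0.1"}),
]

if __name__ == "__main__":
    for path, headers in SAMPLE_REQUESTS:
        allowed, reason = check_request(path, headers)
        print("ALLOW " if allowed else "REJECT", path, "-", reason)
```

Run over proxy logs that record these headers, the same function flags past cross-site requests to the administrative endpoints.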