Byte Open Security

(ByteOS Network)

Vulnerability Details: CVE-2026-10056

Summary
Assigner: NX
Assigner Org ID: 96d4e157-0bf0-48b3-8efd-382c68caf4e0
Published At: 29 May, 2026 | 08:04
Updated At: 29 May, 2026 | 14:59
Rejected At:
Credits:

CORS misconfiguration in Nx Witness VMS allows session token exfiltration via cross-origin request

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account Takeover via a malicious cross-origin web page visited by the victim. The High security mode is not affected.

Workaround: For existing installations running in Standard security mode, set Access-Control-Allow-Credentials to false via the REST API: PATCH /rest/v2/system/settings with body {"supportedOrigins": "null"}. Alternatively, select High security level during initial setup.

Solution: Update to Nx Witness VMS version 6.1.2 or later, in which Access-Control-Allow-Credentials is set to false in the default Standard security configuration.

Vendors: Not available
Products: -
Metrics (CVSS): -
Weaknesses: -
Attack Patterns: -
Solution/Workaround: -
References: -
EPSS History
Score (latest): N/A, no data available for selected date range
Percentile (latest): N/A, no data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:NX
Assigner Org ID:96d4e157-0bf0-48b3-8efd-382c68caf4e0
Published At:29 May, 2026 | 08:04
Updated At:29 May, 2026 | 14:59
Rejected At:
CVE Numbering Authority (CNA)
Affected Products
Vendor
Network Optix
Product
Nx Witness VMS
Platforms
  • Linux
  • Windows
  • MacOS
Versions
Affected
  • From 0 before 6.1.2 (semver)
Problem Types
Type: CWE
CWE ID: CWE-942
Description: CWE-942: Permissive Cross-Origin Resource Sharing Policy
Metrics
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC ID: N/A
Description: An unauthenticated attacker who tricks an authenticated administrator into visiting a malicious web page can silently exfiltrate the victim's session token and gain full administrative access to the Nx Witness VMS instance.
Solutions

Update to Nx Witness VMS version 6.1.2 or later, in which Access-Control-Allow-Credentials is set to false in the default Standard security configuration.

Configurations

Workarounds

For existing installations running in Standard security mode, set Access-Control-Allow-Credentials to false via the REST API: PATCH /rest/v2/system/settings with body {"supportedOrigins": "null"}. Alternatively, select High security level during initial setup.

Exploits

Credits
Finder: Matan Sandori and 2Bsecure
Timeline: -
Replaced By

Rejected Reason

References
Hyperlink: https://support.networkoptix.com/hc/en-us/articles/39254208939159-How-to-Enable-CORS-Validation
Resource: vendor-advisory
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Information is not available yet
National Vulnerability Database (NVD)
nvd.nist.gov
Source: 96d4e157-0bf0-48b3-8efd-382c68caf4e0
Published At: 29 May, 2026 | 09:16
Updated At: 01 Jun, 2026 | 17:06


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches

Weaknesses
CWE ID: CWE-942
Type: Secondary
Source: 96d4e157-0bf0-48b3-8efd-382c68caf4e0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
Hyperlink: https://support.networkoptix.com/hc/en-us/articles/39254208939159-How-to-Enable-CORS-Validation
Source: 96d4e157-0bf0-48b3-8efd-382c68caf4e0
Resource: N/A

Change History (0)
Information is not available yet

Similar CVEs

5 records found

CVE-2026-8948
Matching Score: 4
Assigner: Mozilla Corporation
CVSS Score: 9.1 | CRITICAL
EPSS: 0.42% / 33.80% | 7 Day CHG +0.03%
Published: 19 May, 2026 | 12:29
Updated: 30 Jun, 2026 | 03:21
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Same-origin policy bypass in the DOM: Networking component

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Action: Not Available
Vendor: Red Hat, Inc.; Mozilla Corporation
Product: firefox; thunderbird; Thunderbird; Firefox; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 6
CWE ID: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID: CWE-942 Permissive Cross-domain Policy with Untrusted Domains
CVE-2026-55110
Matching Score: 4
Assigner: HackerOne
CVSS Score: 7.5 | HIGH
EPSS: 0.18% / 7.87% | 7 Day CHG ~0.00%
Published: 02 Jul, 2026 | 14:49
Updated: 02 Jul, 2026 | 16:54
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.

Action: Not Available
Vendor: Ubiquiti Inc.
Product: Enterprise Video Recorders; Dream Machines; Express 7; Cloud Keys; UniFi OS Server; Network Video Recorders; Cloud Gateways; Dream Wall; Network Attached Storage; Enterprise Firewall Core; Dream Routers; Enterprise Fortress Gateway
CWE ID: CWE-942 Permissive Cross-domain Policy with Untrusted Domains
CVE-2026-32617
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 7.1 | HIGH
EPSS: 0.41% / 32.91% | 7 Day CHG ~0.00%
Published: 13 Mar, 2026 | 20:07
Updated: 16 Mar, 2026 | 20:40
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
AnythingLLM Permissive CORS policy

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, on default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the server's CORS policy accepts any origin. AnythingLLM Desktop binds to 127.0.0.1 (loopback) by default. Modern browsers (Chrome, Edge, Firefox) implement Private Network Access (PNA). This explicitly blocks public websites from making requests to local IP addresses. Exploitation is only viable from within the same local network (LAN) due to browser-level blocking of public-to-private requests.

Action: Not Available
Vendor: mintplexlabs; Mintplex-Labs
Product: anythingllm; anything-llm
CWE ID: CWE-1188 Initialization of a Resource with an Insecure Default
CWE ID: CWE-942 Permissive Cross-domain Policy with Untrusted Domains
CVE-2024-37131
Matching Score: 4
Assigner: Dell
CVSS Score: 7.5 | HIGH
EPSS: 0.49% / 38.54% | 7 Day CHG ~0.00%
Published: 13 Jun, 2024 | 14:35
Updated: 20 May, 2025 | 18:56
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.

Action: Not Available
Vendor: Dell Inc.
Product: policy_manager_for_secure_connect_gateway; Secure Connect Gateway (SCG) Policy Manager; secure_connect_gateway_policy_manager
CWE ID: CWE-942 Permissive Cross-domain Policy with Untrusted Domains
CVE-2026-34200
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 7.7 | HIGH
EPSS: 0.36% / 28.07% | 7 Day CHG ~0.00%
Published: 31 Mar, 2026 | 13:57
Updated: 07 Apr, 2026 | 21:08
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port

Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, the Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on the same machine to issue cross-origin requests to the MCP server and invoke privileged tools using the developer's locally configured credentials. This vulnerability requires two explicit, non-default configuration steps to be exploitable. The default nhost mcp start configuration is not affected. This issue has been patched in version 1.41.0.

Action: Not Available
Vendor: nhost; nhost
Product: cli; nhost
CWE ID: CWE-306 Missing Authentication for Critical Function
CWE ID: CWE-942 Permissive Cross-domain Policy with Untrusted Domains