ByteOS Network

CVE Vulnerability Details :

CVE-2026-6805

PUBLISHED

More Info Official Page

Assigner-THA-PSIRT

Assigner Org ID-9d5917ae-205d-4ae5-8749-1f49479b1395

Published At-07 May, 2026 | 09:45

Updated At-07 May, 2026 | 13:39

▼CVE Numbering Authority (CNA)

Vulnerability on Cryptobox external sharing feature

Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link.

Affected Products

Vendor

Ercom

Product

Cryptobox

Modules

Server

Default Status

affected

Versions

Unaffected

4.40.183
From 4.37.248 before v4.38.0 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-280	CWE-280 Improper handling of insufficient permissions or privileges

Type: CWE

CWE ID: CWE-280

Description: CWE-280 Improper handling of insufficient permissions or privileges

Metrics

Version	Base score	Base severity	Vector
4.0	6.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Impacts

CAPEC ID	Description
CAPEC-49	CAPEC-49 Password Brute Forcing

CAPEC ID: CAPEC-49

Description: CAPEC-49 Password Brute Forcing

References

Hyperlink	Resource
https://info.cryptobox.com/doc/v4.40/4.40.en/	release-notes

Hyperlink: https://info.cryptobox.com/doc/v4.40/4.40.en/

Resource:

release-notes

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References