ByteOS Network

Cryptobox

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-0873

Assigner-Thales Group

View Details

Assigner-Thales Group

CVSS Score-4.8||MEDIUM

EPSS-0.05% / 16.12%

7 Day CHG+0.01%

Published-04 Feb, 2026 | 10:42

Updated-04 Feb, 2026 | 16:33

Privilege Elevation in Ercom Cryptobox administration console

On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator.

Vendor-Ercom

Product-Cryptobox

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-14266

Assigner-Thales Group

View Details

Assigner-Thales Group

CVSS Score-0.6||LOW

EPSS-0.03% / 7.08%

7 Day CHG~0.00%

Published-17 Dec, 2025 | 13:38

Updated-18 Dec, 2025 | 15:07

CSRF in Ercom Cryptobox administration console

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console.

Vendor-Ercom

Product-Cryptobox

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)