Cryptobox

Source-CNA
CNA CVEs-4
ADP CVEs-0
CISA CVEs-0
NVD CVEs-0

4 Vulnerabilities found

CVE-2026-6805
Assigner-Thales Group
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 9.23%
7 Day CHG~0.00%
Published-07 May, 2026 | 09:45
Updated-11 May, 2026 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability on Cryptobox external sharing feature

A vulnerability in the external sharing feature of Cryptobox allows an attacker who knows a sharing link URL to retrieve information from the server that enables an offline brute-force attack on the access code associated with this sharing link.

Action-Not Available
Vendor-thalesgroup, Ercom
Product-ercom_cryptobox, Cryptobox
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2026-5794
Assigner-Thales Group
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 15.39%
7 Day CHG~0.00%
Published-28 Apr, 2026 | 17:09
Updated-29 Apr, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability in Cryptobox allows an authenticated user to trigger an account lockout

A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another user from logging in by triggering an account lockout with a specially crafted request.

Action-Not Available
Vendor-Ercom
Product-Cryptobox
CWE ID-CWE-694
Use of Multiple Resources with Duplicate Identifier
CVE-2026-0873
Assigner-Thales Group
CVSS Score-4.8||MEDIUM
EPSS-0.06% / 18.47%
7 Day CHG~0.00%
Published-04 Feb, 2026 | 10:42
Updated-04 Feb, 2026 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Elevation in Ercom Cryptobox administration console

On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in the Ercom Cryptobox administration console allow an authenticated entity administrator with knowledge to elevate his account to global administrator.

Action-Not Available
Vendor-Ercom
Product-Cryptobox
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-14266
Assigner-Thales Group
CVSS Score-0.6||LOW
EPSS-0.04% / 10.95%
7 Day CHG~0.00%
Published-17 Dec, 2025 | 13:38
Updated-18 Dec, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF in Ercom Cryptobox administration console

CSRF in the Ercom Cryptobox administration console allows an attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console.

Action-Not Available
Vendor-Ercom
Product-Cryptobox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)