JustAppSec
HIGH SeverityCVSS 4.08.7CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

CVE-2026-2336

Last updated Apr 16, 2026 · Published Apr 16, 2026

← Back to list

Description

A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03.

Affected products

1 listed
  • Microchip:IStaX

Mappings

CWE

CWE-331

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms

Need help?Get in touch.