Vulnerability Description
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker who gains temporary access to an authenticated user session can change the account password without knowledge of the original credentials. This enables persistent account takeover and, if administrative accounts are affected, may result in privilege escalation.
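The weakness described above is the absence of a current-password check on the password-change path. The following added example (not EventSentry's code; the user store, session table and function names are assumptions made for illustration) shows the unverified pattern beside a hardened handler that requires the current password, enforces a minimum length, and revokes every other session for the account so a hijacked session cannot ride the change:

```python
"""Unverified vs. verified password change. Added illustration only; the
user store, session table and handler names are constructed assumptions,
not EventSentry Web Reports internals."""
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Tuple

# Constructed in-memory user store: username -> (salt, PBKDF2 hash)
USERS: Dict[str, Tuple[bytes, bytes]] = {}
# Constructed session table: session id -> username
SESSIONS: Dict[str, str] = {}


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_user(username: str, password: str) -> None:
    salt = os.urandom(16)
    USERS[username] = (salt, _hash(password, salt))


def verify_password(username: str, password: str) -> bool:
    rec = USERS.get(username)
    if rec is None:
        _hash(password, b"\x00" * 16)  # equal work; do not leak user existence via timing
        return False
    salt, stored = rec
    return hmac.compare_digest(stored, _hash(password, salt))


def login(username: str, password: str) -> Optional[str]:
    if not verify_password(username, password):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return sid


def change_password_unverified(sid: str, new_password: str) -> bool:
    """Vulnerable pattern: any holder of a valid session may set a new password."""
    username = SESSIONS.get(sid)
    if username is None:
        return False
    salt = os.urandom(16)
    USERS[username] = (salt, _hash(new_password, salt))
    return True


def change_password_verified(sid: str, current_password: str, new_password: str) -> bool:
    """Hardened pattern: re-authenticate with the current password, then rotate
    the credential and revoke every other session bound to the account."""
    username = SESSIONS.get(sid)
    if username is None:
        return False
    if not verify_password(username, current_password):
        return False
    if len(new_password) < 12:
        return False
    salt = os.urandom(16)
    USERS[username] = (salt, _hash(new_password, salt))
    for other_sid, user in list(SESSIONS.items()):
        if user == username and other_sid != sid:
            del SESSIONS[other_sid]
    return True


def demo() -> dict:
    """Walk an attacker holding a copied session token through both handlers."""
    USERS.clear()
    SESSIONS.clear()
    original = "Original-Passw0rd!"
    create_user("admin", original)
    hijacked_sid = login("admin", original)  # token copied from an unattended session

    unverified_ok = change_password_unverified(hijacked_sid, "Attacker-Chosen-Passw0rd")
    owner_locked_out = login("admin", original) is None

    create_user("admin", original)  # reset the store for the hardened path
    verified_wrong = change_password_verified(hijacked_sid, "wrong-guess", "Attacker-Chosen-Passw0rd")
    owner_sid = login("admin", original)
    verified_right = change_password_verified(hijacked_sid, original, "New-Strong-Passw0rd!")
    other_revoked = owner_sid not in SESSIONS and hijacked_sid in SESSIONS

    return {
        "unverified_change_succeeded": unverified_ok,
        "owner_locked_out_after_unverified": owner_locked_out,
        "verified_change_without_current_pw": verified_wrong,
        "owner_can_still_log_in": owner_sid is not None,
        "verified_change_with_current_pw": verified_right,
        "other_sessions_revoked": other_revoked,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The session-revocation step matters as much as the current-password check: without it, an attacker who has already captured a token keeps access even after the legitimate owner rotates the credential.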
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netikus | Eventsentry | < 6.0.1.20 |
Related Weaknesses (CWE)
References
- Release Notes (vendor): https://www.eventsentry.com/downloads/version-history
- Vendor Advisory / VDB Entry: https://www.vulncheck.com/advisories/eventsentry-web-reports-unverified-password
FAQ
What is CVE-2026-24443?
CVE-2026-24443 is a vulnerability with a CVSS base score of 8.8 (HIGH). EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set, so an attacker with temporary access to an authenticated session can change the account password without knowing the original credentials, achieving persistent account takeover and, for administrative accounts, privilege escalation.
How severe is CVE-2026-24443?
CVE-2026-24443 has been rated HIGH with a CVSS base score of 8.8/10. A full CVSS vector is not listed on this page; consult the vendor advisory in the references section for the metric breakdown.
Is there a patch for CVE-2026-24443?
Yes. The issue is fixed in EventSentry 6.0.1.20; all earlier versions are affected. See the vendor release notes and advisory in the references section above for upgrade details. Affected products: Netikus EventSentry (< 6.0.1.20).