{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T23:06:48.321","vulnerabilities":[{"cve":{"id":"CVE-2026-26049","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-02-20T17:25:53.623","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"ics-cert@hq.dhs.gov","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"The web management interface of the device renders the passwords in a \nplaintext input field. The current password is directly visible to \nanyone with access to the UI, potentially exposing administrator \ncredentials to unauthorized observation via shoulder surfing, \nscreenshots, or browser form caching."},{"lang":"es","value":"La interfaz de gestión web del dispositivo muestra las contraseñas en un campo de entrada de texto sin formato. La contraseña actual es directamente visible para cualquiera con acceso a la UI, lo que podría exponer las credenciales de administrador a una observación no autorizada mediante 'shoulder surfing', capturas de pantalla o el almacenamiento en caché del formulario del navegador."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-050-03","source":"ics-cert@hq.dhs.gov"}]}}]}