CVE-2026-0873

Severity CVSS v4.0:

MEDIUM

Type:

CWE-79 Cross-Site Scripting (XSS)

Publication date:

04/02/2026

Last modified:

04/02/2026

Description

On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U CVSS v4.0 Severity and Metrics:

Base Score: 4.80 MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): High
User Interaction (UI): None
Confidentiality (VC): Low
Integrity (VI): Low
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None
Exploit Maturity (E): Unreported

Base Score 4.0

4.80

Severity 4.0

MEDIUM

References to Advisories, Solutions, and Tools

https://info.cryptobox.com/doc/v4.40/4.40.en/