CVE Catalog

CVE-2026-10763

HighCVSS 7.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

The vulnerability in PROMOD V is due to the use of insecure HTTP instead of HTTPS. The issue originates from the Digipede server lacking HTTPS support.

Risk Assessment

The risk involves potential interception and modification of data transmitted between components, which could lead to sensitive information leakage or man-in-the-middle attacks.

Recommendation

Enforce HTTPS by configuring the Digipede server or implement additional security measures such as a VPN tunnel to protect the communication.

Original NVD description (English source)

PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS