CVE-2026-22055
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk15th percentile - higher than 15% of all known CVEs
Summary
The vulnerability in Active IQ OneCollect 2.7.3 is due to hard-coded credentials, allowing an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.
Risk Assessment
The organization is at risk of unauthorized access to AutoSupport functions, potentially leading to data leakage or disruption of technical support operations.
Recommendation
Immediately update Active IQ OneCollect to the latest version that removes hard-coded credentials, and review AutoSupport access configuration.
Original NVD description (English source)
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.

