CVE Catalog

CVE-2026-22055

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile - higher than 15% of all known CVEs

Summary

The vulnerability in Active IQ OneCollect 2.7.3 is due to hard-coded credentials, allowing an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.

Risk Assessment

The organization is at risk of unauthorized access to AutoSupport functions, potentially leading to data leakage or disruption of technical support operations.

Recommendation

Immediately update Active IQ OneCollect to the latest version that removes hard-coded credentials, and review AutoSupport access configuration.

Original NVD description (English source)

Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS