CVE Catalog

CVE-2026-37454

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

Insecure permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via 3DES-ECB encryption.

Risk Assessment

An attacker can remotely intercept confidential data processed by the service, leading to a breach of information confidentiality in the organization.

Recommendation

Immediately update MSI NBFoundation Service to the latest version that fixes this vulnerability and consider using stronger encryption algorithms.

Original NVD description (English source)

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption

Vulnerability data from NVD (NIST) · CISA KEV · EPSS