CVE Catalog

CVE-2026-42947

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.46%

36th percentile - higher than 36% of all known CVEs

Summary

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account.

Risk Assessment

An attacker can take over a device without user interaction, posing a serious threat to data security and control over devices within the organization.

Recommendation

It is recommended to implement additional ownership verification mechanisms and monitor device assignment activities.

Original NVD description (English source)

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can take over a device without user interaction while the device remains online and unaware.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS