CVE Catalog
CVE-2026-50214
CriticalCVSS 9.8Summary
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.
Risk Assessment
The organization may be exposed to unauthorized creation of network access plans, potentially leading to abuse and financial losses.
Recommendation
It is recommended to implement authorization mechanisms for creating access plans and restrict access to the API token.
Original NVD description (English source)
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.

