CVE Catalog

CVE-2026-50214

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.

Risk Assessment

The organization may be exposed to unauthorized creation of network access plans, potentially leading to abuse and financial losses.

Recommendation

It is recommended to implement authorization mechanisms for creating access plans and restrict access to the API token.

Original NVD description (English source)

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS