CVE-2026-8598

CRITICAL(9.1)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Risk Signal Score23/100 — NIEDRIG

CVSS 9.1 — Kritisch

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

9.1

Technische Schwere

Beschreibung

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

Referenzen

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-13...
https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-04
https://www.zkteco.com/en/announcement/23