CVE-2025-26343

Summary

A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to brute-force user PINs via multiple crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
Q-FreeMaxTime0 <= 2.11.0affected

Weaknesses

  • CWE-1390: CWE-1390 Weak Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References