CVE-2026-2336

Summary

A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03.

Affected Software

VendorProductVersion RangeStatus
MicrochipIStaX0 < 2026.03affected

Weaknesses

  • CWE-331: CWE-331 Insufficient entropy

Workarounds

Restrict access to the management interface to trusted networks and trusted users until devices can be upgraded.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References