CVE-2026-35097

Summary

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters.

This issue was fixed in the patch published in June 2026.

Affected Software

VendorProductVersion RangeStatus
KTM Systeme-BOK0 < 06.2026affected

Weaknesses

  • CWE-521: CWE-521: Weak Password Requirements

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References