CVE-2026-5756

Summary

Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services.

Affected Software

VendorProductVersion RangeStatus
Data Recognition CorporationCentral Office Services - Content Hosting Component975affected

Weaknesses

  • CWE-306 Missing Authentication for Critical Function
  • CWE-94 Improper Control of Generation of Code ('Code Injection')
  • CWE-522 Insufficiently Protected Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References