CVE-2026-6805

Summary

Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link.

Affected Software

VendorProductVersion RangeStatus
ErcomCryptobox4.40.183unaffected
ErcomCryptobox4.37.248 < v4.38.0unaffected

Weaknesses

  • CWE-280: CWE-280 Improper handling of insufficient permissions or privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References