CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-31849

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.6%

CVSS Severity

References

https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip
https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-31849

Products

Pricing

Contact Us