CVE-2026-1241
published 2026-02-26CVE-2026-1241: The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from…
PriorityP261high8.7CVSS 4.0
AVNACLATNPRNUINVCHVINVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.35%
26.6th percentile
The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pelco_inc | sarix_professional_ibp_3_series | <= 02.52 | — |
| pelco_inc | sarix_professional_imp_3_series | <= 02.52 | — |
| pelco_inc | sarix_professional_iwp_3_series | <= 02.52 | — |
| pelco_inc | sarix_professional_ixp_3_series | <= 02.52 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Authentication bypass in the web management interface of Pelco Sarix Professional 3 Series cameras (IMP/IXP/IBP/IWP) running firmware <= 02.52; certain functionality is accessible without authentication, potentially exposing live video streams. ↗
- →The vulnerability is network-accessible with no privileges or user interaction required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N); monitor for unauthenticated HTTP requests to the camera web management interface on affected devices. ↗
- →Affected firmware versions to flag in asset inventory: Sarix Professional IMP/IXP/IBP/IWP 3 Series firmware <= 02.52. ↗
- ·No known public exploitation has been reported at time of advisory publication; no specific exploit code, IOCs, or attack tooling has been publicly disclosed for this CVE. ↗
- ·The bypass mechanism (alternate path or channel, CWE-288) is described only at a high level; the specific unauthenticated endpoint or parameter is not disclosed in available sources, limiting precise signature creation. ↗
CVSS provenance
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ghsa6.3MEDIUM
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs
vendor_redhat·2026-06-12·CVSS 6.8
CVE-2026-45673 [MEDIUM] CWE-1241 netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs
netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning (Kaminsky attack). Versions 4.1.135.Final and 4.2.15.Final patch the issue.
A flaw was found in Netty's DNS resolver component. This vulnerability arises from the use of a predictable pseudo-random number generator (PRNG) for DNS transaction IDs and a static User Datagram Protocol (UDP) source port. This combination significantly reduces the randomness of DNS
Red Hat
keylime: Keylime: Security bypass due to hardcoded TPM quote nonce
vendor_redhat·2026-05-06·CVSS 6.3
CVE-2026-6420 [MEDIUM] CWE-1241 keylime: Keylime: Security bypass due to hardcoded TPM quote nonce
keylime: Keylime: Security bypass due to hardcoded TPM quote nonce
A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.
Mitigation: Primary fix (one-line change in keylime/models/verifier/evidence.py):
Before (vulnerable):
def generate_challenge(self, bit_length):
self.challenge = Nonce.generate(bit_length)
self.challenge = bytes.fromhex("49beed365aac777dae23
Red Hat
github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation
vendor_redhat·2026-03-06·CVSS 7.5
CVE-2026-26018 [HIGH] CWE-1241 github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation
github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.
A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS's loop detect
CISA ICS
Pelco, Inc. Sarix Pro 3 Series IP Cameras
cisa_ics·2026-02-26·CVSS 8.7
[HIGH] Pelco, Inc. Sarix Pro 3 Series IP Cameras
ICS Advisory
##
Pelco, Inc. Sarix Pro 3 Series IP Cameras
Release DateFebruary 26, 2026
Alert CodeICSA-26-057-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
Successful exploitation of this vulnerability could allow attackers to gain unauthorized access to sensitive device data, bypass surveillance controls, and expose facilities to privacy breaches, operational risks, and regulatory compliance issues.
The following versions of Pelco, Inc. Sarix Pro 3 Series IP Cameras are affected:
- Sarix Professional IMP 3 Series <=02.52 (CVE-2026-1241)
- Sarix Professional IXP 3 Series <=02.52 (CVE-2026-1241)
- Sarix Professional IBP 3 Series <=02.52 (CVE-2026-1241)
- Sarix Professional IWP 3 Series <=02.5
Red Hat
kernel: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
vendor_redhat·2026-02-04·CVSS 7.8
CVE-2026-23089 [HIGH] CWE-825 kernel: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
kernel: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
When snd_usb_create_mixer() fails, snd_usb_mixer_free() frees
mixer->id_elems but the controls already added to the card still
reference the freed memory. Later when snd_card_register() runs,
the OSS mixer layer calls their callbacks and hits a use-after-free read.
Call trace:
get_ctl_value+0x63f/0x820 sound/usb/mixer.c:411
get_min_max_with_quirks.isra.0+0x240/0x1f40 sound/usb/mixer.c:1241
mixer_ctl_feature_info+0x26b/0x490 sound/usb/mixer.c:1381
snd_mixer_oss_build_test+0x174/0x3a0 sound/core/oss/mixer_oss.c:887
...
snd_card_register+0x4ed/0x6d0 sound/core/init.c:923
usb_audio_probe+0x5ef/0x2a90
GHSA
GHSA-x79r-7fxv-8xh2: The Pelco, Inc
ghsa_unreviewed·2026-02-26
CVE-2026-1241 [HIGH] CWE-288 GHSA-x79r-7fxv-8xh2: The Pelco, Inc
The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-02-26
Published