cbcvebase.
CVE-2026-2624
published 2026-02-25

CVE-2026-2624: Missing Authentication for Critical Function vulnerability in ePati Cyber ​​Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows…

PriorityP276critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
2.19%
80.2th percentile
Missing Authentication for Critical Function vulnerability in ePati Cyber ​​Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass. This issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before v.2.0.1301.

Affected

2 ranges
VendorProductVersion rangeFixed in
epatiantikor_next_generation_firewall>= 2.0.1298 < 2.0.13012.0.1301
epati_cyber_security_technologies_incantikor_next_generation_firewall>= v.2.0.1298 < v.2.0.1301v.2.0.1301

Detection & IOCsextracted from sources · hover to see the quote

urlwss://{target_ip}:{target_port}/sock/{server_id}/{session_id}/websocket
port8800
command{"istekId":"req_init_01","komut":"rapor-dinle","parametreler":["cluster-durum"]}
command{"istekId":"req_101","komut":"paket-liste-dinle","parametreler":[]}
path/sock/{server_id}/{session_id}/websocket
  • Detect unauthenticated WebSocket connections to the SockJS endpoint path pattern /sock/<3-digit-int>/<8-char-alphanumeric>/websocket on port 8800 without a preceding authentication handshake.
  • Flag SSL connections to port 8800 that bypass certificate validation (CERT_NONE) and immediately send SockJS WebSocket upgrade requests — indicative of automated exploitation tooling.
  • Affected versions are v.2.0.1298 up to (not including) v.2.0.1301; presence of these version strings in banner/HTTP responses can confirm an unpatched target.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.