CVE-2026-2624
published 2026-02-25CVE-2026-2624: Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows…
PriorityP276critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
2.19%
80.2th percentile
Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass.
This issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before v.2.0.1301.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| epati | antikor_next_generation_firewall | >= 2.0.1298 < 2.0.1301 | 2.0.1301 |
| epati_cyber_security_technologies_inc | antikor_next_generation_firewall | >= v.2.0.1298 < v.2.0.1301 | v.2.0.1301 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated WebSocket connections to the SockJS endpoint path pattern /sock/<3-digit-int>/<8-char-alphanumeric>/websocket on port 8800 without a preceding authentication handshake. ↗
- →Flag SSL connections to port 8800 that bypass certificate validation (CERT_NONE) and immediately send SockJS WebSocket upgrade requests — indicative of automated exploitation tooling. ↗
- →Affected versions are v.2.0.1298 up to (not including) v.2.0.1301; presence of these version strings in banner/HTTP responses can confirm an unpatched target. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
ePati Cyber Security Antikor Next Generation Firewall prior 2.0.1301 missing authentication (EUVD-2026-8639 / EDB-52562)
vuldb·2026-06-08·CVSS 9.8
CVE-2026-2624 [CRITICAL] ePati Cyber Security Antikor Next Generation Firewall prior 2.0.1301 missing authentication (EUVD-2026-8639 / EDB-52562)
A vulnerability, which was classified as critical, has been found in ePati Cyber Security Antikor Next Generation Firewall. The impacted element is an unknown function. This manipulation causes missing authentication.
This vulnerability is handled as CVE-2026-2624. The attack can be initiated remotely. Additionally, an exploit exists.
It is advisable to upgrade the affected component.
GHSA
GHSA-jqcj-pmgf-5g3q: Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc
ghsa_unreviewed·2026-02-25
CVE-2026-2624 [CRITICAL] CWE-306 GHSA-jqcj-pmgf-5g3q: Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc
Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass.This issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before v.2.0.1301.
No detection rules found.
No writeups or analysis indexed.
2026-02-25
Published