cvebase

Suprema Biostar 2 vulnerabilities

3 known vulnerabilities affecting suprema/biostar_2.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2026-9508 | P2 | CRITICAL | CVSS 10.0 | ≥ v2.9.3, ≤ v2.9.11 | 2026-05-29
CVE-2026-9508 [CRITICAL] CWE-732: Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly download backup ZIP files via ‘http(s)://[server]/downloa
Source: NVD
CVE-2026-9509 | P3 | HIGH | CVSS 8.7 | v2.9.11, v2.9.10, +1 more | 2026-05-29
CVE-2026-9509 [HIGH] CWE-248: An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service (DoS) by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that halts critical processes, leaving the system offline until the services or server
Source: NVD
CVE-2025-41257 | P4 | MEDIUM | CVSS 4.8 | v2.9.11.6 | 2026-03-04
CVE-2025-41257 [MEDIUM] CWE-20: Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.
Source: NVD