{"cve":{"cve_id":"CVE-2026-25086","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00151,"epss_percentile":0.04649,"epss_as_of":"2026-06-23","description":"Under certain conditions, an attacker could bind to the same port used \nby WebCTRL. This could allow the attacker to craft and send malicious \npackets and impersonate the WebCTRL service without requiring code \ninjection into the WebCTRL software.","published_at":"2026-03-20T23:14:23.075000Z","last_modified_at":null,"cvss_v3_score":7.7,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-605"],"nvd_references":["https://www.automatedlogic.com/en/company/security-commitment/","https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08","https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:29:23.615645Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"automated-logic","vendor_name":"Automated Logic","product_slug":"webctrl-premium-server","product_name":"WebCTRL Premium Server","version_start":"0","version_start_inclusive":true,"version_end":"v8.5","version_end_inclusive":false,"cpe23_uri":"cve5:automated-logic:webctrl-premium-server:0:v8.5"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.automatedlogic.com/en/company/security-commitment/","source_type":"MISC","tags":["patch"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-078-08.json","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-03-20T23:14:23.075000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:52:05.081614Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:52:05.081614Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:52:05.081614Z","label":"CVSS score revised","source":"cvelistv5"}]}