CVE-2025-26339

216.73.217.22

· Published 12/02/2025 14:15 · Modified 12/02/2025 14:15

Labels: CVE-2025-26339 2025-02-12 CVE-2025-26339 CWE-306 [email protected]

Essential information

Published: 12/02/2025 14:15
Modified: 12/02/2025 14:15
Author: —
Creator: —
CVSS: 9.8 CRITICAL (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability in multiple unspecified ways via crafted HTTP requests.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

CVE-2025-26339

Essential information

CVSS metrics

Description

NVD status

References