{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-11801", "assignerOrgId": "00000000-0000-4000-9000-000000000000", "state": "PUBLISHED" }, "containers": { "cna": { "providerMetadata": { "orgId": "00000000-0000-4000-9000-000000000000" }, "title": "Router management interface exposed to the public internet", "descriptions": [ { "lang": "en", "value": "The affected deployments exposed an inherited administrative listener to the public internet and did not consistently enforce MFA or origin restrictions on management requests. This lowered the barrier for credential attacks and privileged reconfiguration." } ], "affected": [ { "vendor": "Sentinel Research Collective", "product": "VAPT Edge Controller 3.x and downstream deployments with legacy admin exposure", "versions": [ { "version": "VAPT Edge Controller 3.0.0 through 3.4.7", "status": "affected" }, { "version": "VAPT Edge Controller 3.4.8 and later with restricted management exposure", "status": "unaffected" } ], "defaultStatus": "unknown" } ], "references": [ { "name": "Remediation guidance", "tags": [ "third-party-advisory" ], "url": "https://vapt.com/advisory/cve-2026-11801" }, { "name": "Operator hardening checklist", "tags": [ "third-party-advisory" ], "url": "https://vapt.example/docs/hardening/router-management" } ], "credits": [ { "lang": "en", "type": "finder", "value": "R. Navarro" } ], "metrics": [ { "cvssV3_1": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "baseScore": 8.2, "baseSeverity": "HIGH" } } ] } } }