partition is vulnerable to a privilege escalation attack that could
allow an authorized attacker to access any space managed by the affected
product.
Project Subscriptions
No data.
No advisories yet.
Solution
Users of SALTO ProAccess using the tenancy feature should upgrade to version 6.13. To further enhance security after applying the update: * Operate ProAccess Space on a protected internal network and avoid exposing it directly to the Internet. * Restrict operator-level accounts to the minimum required and apply least-privilege principles. * If feasible, disable the partitioning feature and operate under a single partition. * When strong tenant separation is required, consider running separate Space instances (isolated environments) rather than relying solely on logical partitioning.
Workaround
No workaround given by the vendor.
Thu, 16 Jul 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product. | |
| Title | SALTO ProAccess Space Authorization Bypass Through User-Controlled Key | |
| Weaknesses | CWE-639 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2026-07-16T20:38:46.479Z
Reserved: 2026-06-10T14:40:08.574Z
Link: CVE-2026-11889
No data.
No data.
No data.
OpenCVE Enrichment
No data.