CVE-2026-21404 – NAVTOR NavBox Use of Hard-coded Credentials

CVE ID :CVE-2026-21404

Published : June 4, 2026, 8:16 p.m. | 16 minutes ago

Description :NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SOAP interface grants access to privileged WCF methods, enabling an attacker to write or overwrite files within application-defined paths.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-5589 – Out-of-bounds write caused by an integer underflow in the Bluetooth Mesh subsystem.

CVE-2026-41522 – Iris has an Improper Authorization issue

CVE-2026-41518 – Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

CVE-2026-41249 – CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration