What is GHSA-x454-wfv6-72h8?

GHSA-x454-wfv6-72h8 is a security advisory published by GitHub Security Advisories with Medium severity. NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows...

Which CVE IDs does GHSA-x454-wfv6-72h8 cover?

GHSA-x454-wfv6-72h8 covers the following CVE IDs: CVE-2026-21404. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-x454-wfv6-72h8?

GHSA-x454-wfv6-72h8 has a CVSS v3 base score of 6.3, published by GitHub Security Advisories.

GHSA-x454-wfv6-72h8MediumCVSS 6.3

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows...

Vendor

GitHub Security Advisories

Published

June 4, 2026

Last Modified

June 4, 2026

🔗 CVE IDs covered (1)

CVE-2026-21404 →

📋 Description

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SOAP interface grants access to privileged WCF methods, enabling an attacker to write or overwrite files within application-defined paths.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-21404
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-155-01.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-155-01
https://github.com/advisories/GHSA-x454-wfv6-72h8