What is GHSA-xw3c-vh4p-m7j2?

GHSA-xw3c-vh4p-m7j2 is a security advisory published by GitHub Security Advisories with Medium severity. The Naxclow platform exposes a registration endpoint that accepts signed requests containing a...

Which CVE IDs does GHSA-xw3c-vh4p-m7j2 cover?

GHSA-xw3c-vh4p-m7j2 covers the following CVE IDs: CVE-2026-50244. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-xw3c-vh4p-m7j2?

GHSA-xw3c-vh4p-m7j2 has a CVSS v3 base score of 5.3, published by GitHub Security Advisories.

GHSA-xw3c-vh4p-m7j2MediumCVSS 5.3

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a...

Vendor

GitHub Security Advisories

Published

June 12, 2026

Last Modified

June 12, 2026

🔗 CVE IDs covered (1)

CVE-2026-50244 →

📋 Description

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water counter value for the batch, allowing callers to measure and enumerate the active device space. The endpoint’s behavior enables precise fleet enumeration.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-50244
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02
https://github.com/advisories/GHSA-xw3c-vh4p-m7j2