What is CVE-2026-21404?

CVE-2026-21404 is a medium-severity vulnerability in Navtor Navbox, classified under Use of Hard-coded Credentials. CVSS score: 6.3/10. Published 2026-06-04.

How severe is CVE-2026-21404?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Navtor Navbox

CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intende…

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H.

Affected products

Navtor Navbox — versions 0, 4.17.2.6

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

References

ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov

Frequently asked questions

What is CVE-2026-21404?: CVE-2026-21404 is a medium-severity vulnerability in Navtor Navbox, classified under Use of Hard-coded Credentials. CVSS score: 6.3/10. Published 2026-06-04.
How severe is CVE-2026-21404?: Medium severity. CVSS v3 base score is 6.3 out of 10.