What is CVE-2026-2250?

CVE-2026-2250 is a high-severity vulnerability in Metis Cyberspace Technology Sa Wic, classified under Improper Access Control. CVSS score: 7.5/10. Published 2026-02-11.

How severe is CVE-2026-2250?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Metis Cyberspace Technology Sa Wic

CVE-2026-2250

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is conf…

EPSS: 0.001 (30.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Metis Cyberspace Technology Sa Wic — versions oscore 2.1.234-r18, oscore 2.1.235-r19

Weakness classification (CWE)

References

www.metis.tech/ (x_vendor-website)
cydome.io/vulnerability-advisory-cve-2026-2250-unauthenticated-data-exfilterati… (technical-description)

Frequently asked questions

What is CVE-2026-2250?: CVE-2026-2250 is a high-severity vulnerability in Metis Cyberspace Technology Sa Wic, classified under Improper Access Control. CVSS score: 7.5/10. Published 2026-02-11.
How severe is CVE-2026-2250?: High severity. CVSS v3 base score is 7.5 out of 10.