Vulnerability in Microchip Istax

CVE-2026-2336

A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileg…

EPSS: 0.001 (17.2th percentile) — read the EPSS interpretation.

Affected products

Microchip Istax — versions 0

Weakness classification (CWE)

CWE-331 — Insufficient Entropy

References

www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-… (vendor-advisory)