Vulnerability in Ercom Cryptobox

CVE-2026-5794

A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request.

EPSS: 0.001 (18.1th percentile) — read the EPSS interpretation.

Affected products

Ercom Cryptobox — versions 4.40.175, 4.37.237

Weakness classification (CWE)

CWE-694 — Use of Multiple Resources with Duplicate Identifier

References

psirt@thalesgroup.com (release-notes)