Navtor Navbox
4 CVEs affecting Navtor Navbox. Latest disclosed: 2026-06-04. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-2754 | High | 7.5 | 2026-03-06 | Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with… |
CVE-2026-2753 | High | 7.5 | 2026-03-06 | An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path in… |
CVE-2026-21404 | Medium | 6.3 | 2026-06-04 | NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP function… |
CVE-2026-2752 | Medium | 5.3 | 2026-03-06 | Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandle… |