CVE-2026-35097 | KTM System e-BOK enforces a maximum password length of six n… | CVSS 6.9 MEDIUM

Description

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026.

Metadata

CVE ID: CVE-2026-35097
State: PUBLISHED
Assigner: CERT-PL
Reserved: 2026-04-01 13:05 UTC
Published: 2026-06-30 13:37 UTC
Last updated: 2026-06-30 14:41 UTC
Primary CWE: CWE-521
CWE-521: Weak Password Requirements
Vendor / Product: KTM System / e-BOK
Sources: cve.org · NVD

Severity & Metrics

6.9 MEDIUM CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
KTM System	e-BOK	—	0 < 06.2026

Weakness (CWE)

CWE	Source	Description
CWE-521	cna	CWE-521: Weak Password Requirements

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.9	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

References (2)