Back to overview

CVE-2026-58477

HIGH Exploitation: PoC
8.2
CVSS 3.1
Description
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a mass assignment vulnerability that allows unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names in HTTP requests. Attackers can manipulate parameters corresponding to sensitive values such as the passphrase and listening port, and can also achieve the same result through cross-site request forgery due to the absence of adequate request validation.

Metadata

CVE ID
CVE-2026-58477
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-06-30 20:20 UTC
Published
2026-07-14 14:39 UTC
Last updated
2026-07-14 16:26 UTC
Primary CWE
CWE-915
Improperly Controlled Modification of Dynamically-Determined…
Vendor / Product
Dan-in-CA / SIP
Sources
cve.org  ·  NVD

Severity & Metrics

8.2 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
yes
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Dan-in-CA SIP 0 ≤ 5.2.16
Weakness (CWE)
CWESourceDescription
CWE-915 cna Improperly Controlled Modification of Dynamically-Determined Object Attributes
CVSS scores (2)
ScoreSeverityVersionSourceVector
8.8 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
8.2 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Back to overview