CVE-2026-46748
HIGHDescription
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| siemens | sinec_ins |
| siemens | sinec_ins |
| siemens | sinec_ins |
| siemens | sinec_ins |
| siemens | sinec_ins |
| siemens | sinec_ins |
| siemens | sinec_ins |
| siemens | sinec_ins |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-46748? +
How severe is CVE-2026-46748? +
What products are affected by CVE-2026-46748? +
How do I check if I'm vulnerable to CVE-2026-46748? +
Related Vulnerabilities
Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power …
mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An …
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS …
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue …
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue …
The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution …