CVE-2026-40425NVD

Vulnerability Summary

The administrator account for the

Danelec MacGregor Voyage Data Recorder
web interface can directly edit sensitive files related to authentication, potentially changing the root password.

Severity Level

MEDIUM(5.7)

Published Date

May 29, 2026

Last Modified

May 29, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

N/A

EPSS Score (30-Day)

0.04%Probability

CVSS v3.1 Base Metrics

Attack VectorAdjacent

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityLow

AvailabilityLow

External References

https://www.danelec.com/contact
https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-01.json