Vulnerabilities ›

CVE-2026-8214

Medium

CWE-287 — Weakness Type

                    Published: May 10, 2026                      ·  Modified: May 11, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-8214 is an improper authentication vulnerability in IAS Canias ERP 8.03's RMI Interface that allows remote attackers to bypass authentication by manipulating the sessionId parameter. The vulnerability has a CVSS score of 5.3 and public exploits are available.

📄 Description (Arabic)

تم اكتشاف ثغرة في تطبيق IAS Canias ERP 8.03 في وظيفة doAction بواجهة RMI حيث يمكن للمهاجمين التلاعب بمعرف الجلسة (sessionId) لتجاوز آليات المصادقة. يمكن تنفيذ الهجوم عن بعد وتوجد استكشافات عامة متاحة للاستخدام.

🤖 ملخص تنفيذي (AI)

This vulnerability affects IAS Canias ERP 8.03, an industrial application used in manufacturing and enterprise resource planning. Remote attackers can bypass authentication mechanisms by tampering with session identifiers, potentially gaining unauthorized access to critical business systems.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 06:17

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

manufacturing energy government

🎯 MITRE ATT&CK Techniques

T1078.001 T1021.002 T1190

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade IAS Canias ERP to a patched version immediately. Implement network segmentation to restrict RMI Interface access to trusted networks only. Deploy intrusion detection systems to monitor for sessionId manipulation attempts. Apply input validation and implement proper session management controls. Contact the vendor for security updates and patches.

🔧 خطوات المعالجة (العربية)

قم بترقية IAS Canias ERP إلى نسخة محدثة فوراً. طبق تقسيم الشبكة لتقييد الوصول إلى واجهة RMI للشبكات الموثوقة فقط. نشر أنظمة كشف التسلل لمراقبة محاولات التلاعب بمعرف الجلسة. طبق التحقق من صحة المدخلات وتطبيق عناصر تحكم إدارة الجلسات الصحيحة. تواصل مع البائع للحصول على تحديثات الأمان والتصحيحات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 SI-6

🟡 ISO 27001:2022

A.9.2.1 A.9.4.3 A.14.2.1

🔗 References & Sources 4

🔗

https://gist.github.com/0xb1lal/3ef872a445310c5866d07d6a5b1803fa

cna@vuldb.com

🔗

https://vuldb.com/submit/808238

cna@vuldb.com

🔗

https://vuldb.com/vuln/362431

cna@vuldb.com

🔗

https://vuldb.com/vuln/362431/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-287

EPSS0.08%

Exploit No

Patch ✗ No

Published 2026-05-10

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-287

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-8214

💬 Comments

Introduce Yourself

Sign In Required