By weakness (CWE)
CWE-942: related vulnerabilities
CVEs classified under CWE-942. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-10056HIGH 7.5
Network Optix Nx Witness VMS contains a cross-origin resource sharing (CORS) misconfiguration in its REST API that allows an unauthenticated attacker to steal a logged-in user's session token and hijack their administrator account. The vulnerability exists only in the default Standard security mode on Linux and Windows systems running versions prior to 6.1.2. An attacker would craft a malicious web page and trick a victim into visiting it while authenticated to the VMS; the browser would then leak the session credentials to the attacker. The High security mode configuration is not affected by this flaw.