CVE-2025-26155

CRITICAL

Ncp-e Ncp Secure Entry Client - Untrusted Search Path

Title source: rule
STIX 2.1

Description

NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.

References (2)

Scores

CVSS v3 9.8
EPSS 0.0007
EPSS Percentile 20.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-426
Status published
Products (2)
ncp-e/ncp_secure_entry_client 13.19
ncp-e/secure_enterprise_client 13.18
Published Nov 26, 2025
Tracked Since Feb 18, 2026