CVE-2026-40630

CRITICAL

SenseLive X3050 Authentication bypass using an alternate path or channel

Title source: cna

Description

A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.

References (3)

Core 3

Core References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json

View Writeup ZIP pw:eip

https://senselive.io/contact

Scores

CVSS v3 9.8

EPSS 0.0060

EPSS Percentile 44.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-288

Status published

Products (2)

SenseLive/X3050 V1.523

senselive/x3500_firmware 1.523

Published Apr 24, 2026

Tracked Since Apr 24, 2026