Microchip · Istax · CVE-2026-2336
**Name of the Vulnerable Software and Affected Versions**
Microchip IStaX versions prior to 2026.03
**Description**
An authenticated low-privileged user can recover a shared per-device cookie secret from their own `webstax auth` session cookie. This allows the user to forge a new cookie with administrative privileges, leading to privilege escalation.
**Recommendations**
Update to version 2026.03.