PT-2026-58004 · Siemens · Opcenter X

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-56451

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Opcenter X versions prior to V2604
Description An issue exists where the application fails to properly validate the algorithm specified in the JSON Web Token (JWT) header. This flaw allows an unauthenticated remote attacker to forge arbitrary JWTs, bypass authentication mechanisms, and impersonate any user, including administrative accounts, which could lead to full unauthorized access to the application.
Recommendations Update to version V2604 or later.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56451

Affected Products

Opcenter X