CVE-2026-35097: CWE-521: Weak Password Requirements in KTM System e-BOK
KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2026-35097 in KTM System e-BOK is due to weak password requirements that restrict passwords to a maximum of six numeric digits only, excluding alphabetic, special, or extended characters. This constraint significantly weakens password strength and could facilitate unauthorized access. The issue was fixed in a patch released in June 2026.
Potential Impact
The weak password policy reduces the effective password space, making it easier for attackers to guess or brute-force passwords. This could lead to unauthorized access to user accounts or sensitive information within the KTM System e-BOK application. The CVSS 4.0 base score is 6.9 (medium severity), reflecting network attack vector with low complexity and no privileges or user interaction required, but limited confidentiality, integrity, and availability impact.
Mitigation Recommendations
A patch fixing this vulnerability was published in June 2026. It is recommended to apply this official fix to enforce stronger password policies allowing longer passwords with alphabetic, special, and extended characters. No other mitigation guidance is provided, and no temporary fixes are noted.
CVE-2026-35097: CWE-521: Weak Password Requirements in KTM System e-BOK
Description
KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026.
CVSS v4.0
Score 6.9medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability identified as CVE-2026-35097 in KTM System e-BOK is due to weak password requirements that restrict passwords to a maximum of six numeric digits only, excluding alphabetic, special, or extended characters. This constraint significantly weakens password strength and could facilitate unauthorized access. The issue was fixed in a patch released in June 2026.
Potential Impact
The weak password policy reduces the effective password space, making it easier for attackers to guess or brute-force passwords. This could lead to unauthorized access to user accounts or sensitive information within the KTM System e-BOK application. The CVSS 4.0 base score is 6.9 (medium severity), reflecting network attack vector with low complexity and no privileges or user interaction required, but limited confidentiality, integrity, and availability impact.
Mitigation Recommendations
A patch fixing this vulnerability was published in June 2026. It is recommended to apply this official fix to enforce stronger password policies allowing longer passwords with alphabetic, special, and extended characters. No other mitigation guidance is provided, and no temporary fixes are noted.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CERT-PL
- Date Reserved
- 2026-04-01T13:05:10.153Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a43cd7c27e9c79719e724c3
Added to database: 06/30/2026, 14:06:52 UTC
Last enriched: 06/30/2026, 14:21:23 UTC
Last updated: 06/30/2026, 15:06:36 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.