CVE-2026-58477: Improperly Controlled Modification of Dynamically-Determined Object Attributes in Dan-in-CA SIP
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a mass assignment vulnerability that allows unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names in HTTP requests. Attackers can manipulate parameters corresponding to sensitive values such as the passphrase and listening port, and can also achieve the same result through cross-site request forgery due to the absence of adequate request validation.
AI Analysis
Technical Summary
The Sustainable Irrigation Platform (SIP) by Dan-in-CA through version 5.2.16 suffers from an improper control of dynamically-determined object attributes, specifically a mass assignment vulnerability. This flaw allows unauthenticated attackers to manipulate HTTP request parameters to overwrite sensitive configuration values, including passphrase and listening port settings. Additionally, the absence of adequate request validation permits exploitation through cross-site request forgery (CSRF). The vulnerability is publicly known as CVE-2026-58477 with a CVSS 4.0 score of 8.8, indicating high severity. No vendor advisory or patch information is available at this time, and the product is not a cloud service, so remediation depends on vendor action or user mitigation.
Potential Impact
An attacker can remotely and without authentication overwrite sensitive configuration parameters of the SIP system, potentially compromising system security and availability. The ability to change critical settings such as passphrase and listening port could lead to unauthorized access or denial of service. The vulnerability also allows exploitation via CSRF, increasing the attack surface. No known exploits in the wild have been reported yet.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to the affected SIP instances, implementing network-level protections, and monitoring for unusual configuration changes. Since the vulnerability allows unauthenticated parameter manipulation and CSRF, applying web application firewalls or similar controls may help mitigate risk.
CVE-2026-58477: Improperly Controlled Modification of Dynamically-Determined Object Attributes in Dan-in-CA SIP
Description
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a mass assignment vulnerability that allows unauthenticated attackers to overwrite sensitive configuration settings by supplying arbitrary parameter names in HTTP requests. Attackers can manipulate parameters corresponding to sensitive values such as the passphrase and listening port, and can also achieve the same result through cross-site request forgery due to the absence of adequate request validation.
CVSS v4.0
Score 8.8high
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Sustainable Irrigation Platform (SIP) by Dan-in-CA through version 5.2.16 suffers from an improper control of dynamically-determined object attributes, specifically a mass assignment vulnerability. This flaw allows unauthenticated attackers to manipulate HTTP request parameters to overwrite sensitive configuration values, including passphrase and listening port settings. Additionally, the absence of adequate request validation permits exploitation through cross-site request forgery (CSRF). The vulnerability is publicly known as CVE-2026-58477 with a CVSS 4.0 score of 8.8, indicating high severity. No vendor advisory or patch information is available at this time, and the product is not a cloud service, so remediation depends on vendor action or user mitigation.
Potential Impact
An attacker can remotely and without authentication overwrite sensitive configuration parameters of the SIP system, potentially compromising system security and availability. The ability to change critical settings such as passphrase and listening port could lead to unauthorized access or denial of service. The vulnerability also allows exploitation via CSRF, increasing the attack surface. No known exploits in the wild have been reported yet.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to the affected SIP instances, implementing network-level protections, and monitoring for unusual configuration changes. Since the vulnerability allows unauthenticated parameter manipulation and CSRF, applying web application firewalls or similar controls may help mitigate risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-06-30T20:20:33.791Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a56534168715ace43bba816
Added to database: 07/14/2026, 15:18:25 UTC
Last enriched: 07/14/2026, 15:33:57 UTC
Last updated: 07/14/2026, 16:48:06 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.