Skip to main content
Threat Radar animated logo
DashboardThreatsMapFeedsPricingView Plans & Pricing
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'cve-2026-30695'

View all threats tagged with 'cve-2026-30695'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: cve-2026-30695

Threats Tagged 'cve-2026-30695'

Click on any threat for detailed analysis and mitigation recommendations

CVE-2026-30695: n/aCVE-2026-30695
0

CVE-2026-30695 is a medium severity Cross-Site Scripting (XSS) vulnerability affecting the web-based configuration interface of Zucchetti Axess access control devices, including models XA4, X3/X3BIO, X4, X7, and XIO/i-door/i-door+. The vulnerability arises from improper sanitization of user input in the dirBrowse parameter of the /file_manager.cgi endpoint. Exploitation requires user interaction but no authentication, allowing an attacker to inject malicious scripts that can compromise confidentiality and integrity. There are no known exploits in the wild and no patches currently available. The vulnerability impacts the confidentiality and integrity of the device management interface but does not affect availability. Organizations using these access control devices should be aware of the risk of session hijacking, credential theft, or unauthorized actions via injected scripts. Mitigation involves restricting access to the management interface, implementing web application firewalls with XSS protections, and monitoring for suspicious activity. Countries with significant deployments of Zucchetti Axess devices, particularly in Europe and Italy, are most at risk. This vulnerability requires prompt attention to prevent potential targeted attacks on physical access control systems.

MediumVulnerabilityItalyItalyGermanyGermanyFranceFrance+7#cve#cve-2026-30695
Join the discussion

Showing 1 to 1 of 1 result

Filters:Tag: cve-2026-30695
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses