Remote Code Execution Vulnerability in Vendor Product
CVE-2023-49900

9.8CRITICAL

Key Information:

Vendor

X-rite

Status
Vendor
CVE Published:
16 July 2026

What is CVE-2023-49900?

A security vulnerability exists in the affected product that allows an unauthenticated remote attacker to execute arbitrary code. This issue is due to insufficient input validation in the SetParameter command, which can be exploited by attackers to inject malicious payloads. Proper sanitization of user input is critical to prevent this type of attack.

Affected Version(s)

MA-T6 0

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.