CORS Misconfiguration in Network Optix Nx Witness VMS
CVE-2026-10056

7.5 HIGH

Key Information:

Vendor
CVE Published: 29 May 2026

What is CVE-2026-10056?

A CORS misconfiguration in the REST API of Network Optix Nx Witness VMS prior to version 6.1.2, in the default Standard security mode, exposes session tokens to theft. An attacker can exploit it through a malicious cross-origin web page that targets authenticated users and gains unauthorized access to their session tokens, which can lead to administrator account takeover. To mitigate the risk, update to version 6.1.2 or set Access-Control-Allow-Credentials to false on existing installations.
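
One way to verify the workaround from response headers, as an added example that is not Network Optix code and not part of the original advisory: it models the browser's check for credentialed cross-origin reads and lists the untrusted probe origins that would pass it. The origins and header sets are constructed, and the "before" headers (request origin echoed back) are an assumption, since the advisory does not give the actual header values.

```python
# Added example: constructed headers, not captured from an Nx Witness server.

def credentialed_read_allowed(origin, headers):
    """Model the browser's CORS check for a request sent with credentials.

    The response is readable by the page at `origin` only if
    Access-Control-Allow-Origin equals that origin exactly (a "*" wildcard
    does not count) and Access-Control-Allow-Credentials is the literal "true".
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    return (h.get("access-control-allow-origin") == origin
            and h.get("access-control-allow-credentials") == "true")


def audit(responses, trusted_origins):
    """Return the untrusted probe origins that could read credentialed responses.

    `responses` maps the Origin value sent with each probe request to the
    headers the server returned for it.
    """
    return sorted(origin for origin, headers in responses.items()
                  if origin not in trusted_origins
                  and credentialed_read_allowed(origin, headers))


TRUSTED = {"https://vms.example.internal"}   # hypothetical console origin
PROBE = "https://untrusted.example"          # hypothetical probe origin

# Constructed "before" responses (assumption): credentials allowed for any origin.
BEFORE = {
    PROBE: {"Access-Control-Allow-Origin": PROBE,
            "Access-Control-Allow-Credentials": "true"},
    "null": {"Access-Control-Allow-Origin": "null",
             "Access-Control-Allow-Credentials": "true"},
}
# Constructed "after" responses: the advisory's workaround applied.
AFTER = {
    origin: {**headers, "Access-Control-Allow-Credentials": "false"}
    for origin, headers in BEFORE.items()
}

if __name__ == "__main__":
    print("before:", audit(BEFORE, TRUSTED))
    print("after: ", audit(AFTER, TRUSTED))
```

An empty list after the change means no probed untrusted origin can read responses to requests sent with the user's credentials.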

Affected Version(s)

Nx Witness VMS Linux 0 < 6.1.2

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matan Sandori and 2Bsecure.