JWT Header Validation Flaw in Opcenter X Affects Siemens Products
CVE-2026-56451

10CRITICAL

Key Information:

Vendor

Siemens

Vendor
CVE Published:
14 July 2026

What is CVE-2026-56451?

A security issue has been identified in Opcenter X, where applications fail to properly validate the algorithm specified in the JSON Web Token (JWT) header. This vulnerability allows an unauthenticated remote attacker to forge arbitrary JWTs. Consequently, the attacker can bypass authentication mechanisms leading to the impersonation of any user, including those with administrative privileges. If exploited, this could grant the attacker full unauthorized access to the application and its sensitive information.

Affected Version(s)

Opcenter X 0

References

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.