Login Sign Up

CVE-2026-2693

4.3 MEDIUM
Authentication Bypass

📋 TL;DR

This vulnerability allows unauthorized access to system dashboard information in CoCoTeaNet CyreneAdmin up to version 1.3.0. Attackers can remotely exploit the /api/system/dashboard/getCount endpoint to access sensitive system information without proper authentication. Organizations using vulnerable versions of CyreneAdmin are affected.

💻 Affected Systems

Products:
  • CoCoTeaNet CyreneAdmin
Versions: Up to and including 1.3.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the System Info Endpoint component specifically at /api/system/dashboard/getCount

📦 What is this software?

Cyreneadmin by Cocoteanet

View all CVEs affecting Cyreneadmin →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain unauthorized access to sensitive system information, potentially enabling reconnaissance for further attacks or exposing confidential system data.

🟠

Likely Case

Unauthorized users access system dashboard metrics and configuration information that should be restricted to administrators.

🟢

If Mitigated

Proper authentication controls prevent unauthorized access, limiting exposure to legitimate users only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been publicly disclosed and remote attack vectors are confirmed

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check vendor website for updates beyond version 1.3.0. Consider upgrading to latest version if available.

🔧 Temporary Workarounds

Restrict API Endpoint Access

linux

Block or restrict access to the vulnerable endpoint using network controls

iptables -A INPUT -p tcp --dport [PORT] -m string --string "/api/system/dashboard/getCount" --algo bm -j DROP

Implement Authentication Proxy

all

Place authentication proxy in front of CyreneAdmin to enforce proper authorization

🧯 If You Can't Patch

  • Implement network segmentation to isolate CyreneAdmin from untrusted networks
  • Deploy web application firewall (WAF) with rules to block unauthorized access to the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Check if CyreneAdmin version is 1.3.0 or earlier and test if /api/system/dashboard/getCount endpoint is accessible without proper authentication

Check Version:

Check CyreneAdmin admin interface or configuration files for version information

Verify Fix Applied:

Verify that the endpoint now requires proper authentication or returns appropriate authorization errors

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to /api/system/dashboard/getCount
  • Multiple failed authentication attempts followed by successful dashboard access

Network Indicators:

  • Unusual traffic patterns to system info endpoints
  • Requests to /api/system/dashboard/getCount from unauthorized IPs

SIEM Query:

source="cyreneadmin" AND (uri="/api/system/dashboard/getCount" AND NOT user="admin")

📊 Metadata

CVE ID: CVE-2026-2693
CVSS v3 Score: 4.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-266
Published: February 19, 2026
Last Updated: February 20, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-2693, you might also want to check these:

CVE-2026-23800 10.0

This vulnerability allows attackers to escalate privileges in Modular DS modular-connector WordPress...

Same vulnerability type (CWE-266)
CVE-2026-23550 10.0

This critical vulnerability in Modular DS allows attackers to escalate privileges due to incorrect p...

Same vulnerability type (CWE-266)
CVE-2025-41115 10.0

A critical vulnerability in Grafana's SCIM provisioning allows malicious SCIM clients to provision u...

Same vulnerability type (CWE-266)