PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-2398 Adam Retail Automation Ltd. CVE debrief

CVE-2026-2398 is an authorization bypass through a user-controlled key vulnerability in MobilMen 20T by Adam Retail Automation Ltd. This issue allows for privilege escalation and has a CVSS score of 8.8, indicating high severity. The affected versions of MobilMen 20T range from v3 through 10072026. Users should review official advisories and assess potential impact.

Vendor
Adam Retail Automation Ltd.
Product
MobilMen 20T
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Users of MobilMen 20T, particularly those using versions from v3 through 10072026, should be aware of this vulnerability and take necessary precautions to mitigate the risk. Operators, platform administrators, and security teams may need to review and act on this vulnerability.

Technical summary

The vulnerability is caused by an authorization bypass through a user-controlled key in MobilMen 20T. This allows an attacker to escalate privileges. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Affected product context indicates potential operational impact. The issue affects MobilMen 20T versions from v3 through 10072026. Users should review official advisories and assess potential impact. The CVE record was published on 2026-07-10T17:16:56.320Z and was last modified on 2026-07-10T18:16:20.733Z. The NVD entry is currently Deferred.

Defensive priority

High priority should be given to patching or mitigating this vulnerability due to its high CVSS score and potential for privilege escalation.

Recommended defensive actions

  • Apply patches or updates provided by the vendor to fix the vulnerability.
  • Implement compensating controls to limit the attack surface.
  • Monitor systems for suspicious activity.
  • Inventory and verify the versions of MobilMen 20T in use.
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-07-10T17:16:56.320Z and was last modified on 2026-07-10T18:16:20.733Z. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD details. Defenders should verify affected product deployments and review official advisories.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T17:16:56.320Z and has not been modified since then. The NVD entry is currently Deferred.