PatchSiren cyber security CVE debrief
CVE-2026-8046 CODESYS CVE debrief
A high-severity authorization bypass vulnerability in user account deletion functionality allows an authenticated low-privilege attacker to delete arbitrary user accounts, including administrative accounts. The vulnerability stems from missing authorization checks when processing account deletion requests. Published 2026-05-26 via CERT@VDE, with an NVD entry that is currently awaiting analysis. No known exploitation in the wild and no known ransomware campaign association.
- Vendor: CODESYS
- Product: CODESYS Control RTE (SL)
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-26
- Original CVE updated: 2026-05-26
- Advisory published: 2026-05-26
- Advisory updated: 2026-05-26
Who should care
System administrators managing multi-user applications with role-based access control; security teams monitoring for insider threats or compromised low-privilege accounts; and, given CERT@VDE's coordination role, organizations relying on user management interfaces in operational technology or industrial control systems.
Technical summary
The vulnerability exists in user account deletion functionality where the application fails to verify that the requesting user possesses sufficient privileges to delete the target account. An authenticated attacker with low privileges can send crafted deletion requests targeting arbitrary user IDs, including administrators. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H) describes an attack that is reachable over the network, low in complexity, requires low privileges and no user interaction, and has high impact on integrity and availability but no impact on confidentiality. CWE-863 (Incorrect Authorization) is the classified root cause.
Defensive priority
HIGH
Recommended defensive actions
- Audit user account deletion endpoints for missing authorization checks against the requesting user's privileges relative to the target account
- Implement strict authorization controls ensuring deletion operations verify the requester has higher or equal privileges to the target account
- Review application logs for anomalous account deletion activity, particularly low-privilege accounts deleting administrative accounts
- Apply vendor patches when available from CERT@VDE advisory VDE-2026-056
- Consider implementing soft-delete or approval workflows for account deletion operations to enable recovery and audit trails
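To make the defect described in the technical summary and the first three actions above concrete, here is an added example (not CODESYS code and not from the advisory): an account-deletion handler with the CWE-863 defect beside a hardened version that compares requester and target privilege, soft-deletes and writes an audit record, plus a log check that flags low-privilege actors removing administrative accounts. The role names, request shape and log format are assumptions constructed for illustration.

```python
# Added example, not CODESYS code: a deletion handler with the CWE-863
# defect beside a hardened version, plus a log check for the anomalous
# activity the advisory says to hunt for. Roles and log format are constructed.
from typing import Dict, List

ROLE_RANK = {"admin": 0, "operator": 1, "viewer": 2}  # lower = more privilege

class AccountService:
    def __init__(self, roles: Dict[str, str]) -> None:
        self.roles = dict(roles)      # username -> role
        self.disabled: set = set()    # soft-deleted accounts
        self.audit: List[str] = []

    def delete_vulnerable(self, requester: str, target: str) -> None:
        # Checks only that the caller is a known user; the target's
        # privilege relative to the requester is never compared (CWE-863).
        if requester not in self.roles:
            raise PermissionError("not authenticated")
        self.roles.pop(target)        # hard delete, no audit record

    def delete_hardened(self, requester: str, target: str) -> None:
        if requester not in self.roles or requester in self.disabled:
            raise PermissionError("not authenticated")
        if target not in self.roles or target in self.disabled:
            raise KeyError(target)
        req, tgt = self.roles[requester], self.roles[target]
        entry = f"delete actor={requester}({req}) target={target}({tgt})"
        # Requester must hold equal or higher privilege than the target.
        if ROLE_RANK[req] > ROLE_RANK[tgt]:
            self.audit.append("DENY " + entry)
            raise PermissionError("insufficient privilege for target account")
        self.disabled.add(target)     # soft delete: recoverable, auditable
        self.audit.append("OK " + entry)

def suspicious_deletions(log_lines: List[str]) -> List[str]:
    """Return 'OK delete' lines where a non-admin actor removed an admin."""
    hits = []
    for line in log_lines:
        if not line.startswith("OK delete "):
            continue
        fields = dict(tok.split("=", 1) for tok in line.split()[2:])
        actor, target = (fields[k].rsplit("(", 1)[1].rstrip(")") for k in ("actor", "target"))
        if actor != "admin" and target == "admin":
            hits.append(line)
    return hits

# Constructed sample of what an unpatched system's audit trail might show.
SAMPLE_LOG = [
    "OK delete actor=alice(admin) target=bob(viewer)",
    "OK delete actor=mallory(viewer) target=alice(admin)",
]
```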
Evidence notes
CVE published 2026-05-26T08:16:22Z by NVD with a source reference to CERT@VDE advisory VDE-2026-056. The CVSS 4.0 vector confirms a network attack vector with low attack complexity, low privileges required, and high impact to integrity and availability. CWE-863 (Incorrect Authorization) is classified as the primary weakness. Vendor identification is marked low confidence and requires review; the 'Certvde' domain reference suggests coordination by the German industrial CERT.
Official resources
- CVE-2026-8046 CVE record (CVE.org)
- CVE-2026-8046 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 2026-05-26