PatchSiren cyber security CVE debrief
CVE-2026-11848 IEI Integration Corp CVE debrief
CVE-2026-11848 is a HIGH severity vulnerability with a CVSS score of 7.9. The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability. This vulnerability allows unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information.
- Vendor
- IEI Integration Corp
- Product
- iRM-TSi410X
- CVSS
- HIGH 7.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Administrators and users of the iRM-IEI Remote Management system developed by IEI Integration Corp should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has been assigned a CVSS vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weakness associated with this vulnerability is CWE-306.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Implement additional authentication mechanisms to protect the system.
Evidence notes
The CVE record and details can be found at [cve-org]. For more information, refer to [nvd]. Additional references include [ref-4] and [ref-5].
Official resources
CVE-2026-11848 was published on 2026-06-12T11:16:22.393Z and modified on 2026-06-12T16:00:18.860Z.