PatchSiren cyber security CVE debrief
CVE-2026-22312 Radiflow CVE debrief
CVE-2026-22312 is a HIGH severity vulnerability with a CVSS score of 8.6. The device has a webserver that exposes a REST API authenticated with a constant token. An unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g., system reboot).
- Vendor
- Radiflow
- Product
- iSAP Smart Collector
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users of the affected product should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L and is classified under CWE-798.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates as recommended by the vendor.
- Restrict access to the webserver and REST API.
- Monitor system settings and configuration for suspicious activity.
Evidence notes
The CVE record was obtained from CVE.org [resourceLinkAnnotations:cve-org]. Additional information was obtained from NVD [resourceLinkAnnotations:nvd].
Official resources
-
CVE-2026-22312 CVE record
CVE.org
-
CVE-2026-22312 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
CVE-2026-22312 was published on 2026-06-16T20:16:28.590Z and modified on 2026-06-16T20:47:43.440Z.