PatchSiren

CVE-2026-32957 Raw CVE debrief

CVE-2026-32957 is a medium-severity authentication flaw in Silex Technology SD-330AC and AMC Manager. According to CISA's advisory, the issue could allow uploads of arbitrary files to the device without authentication. The supplied advisory data lists fixed versions and recommends disabling HTTP/HTTPS service as an interim mitigation.

Vendor: Raw
Product: Silex Technology SD-330AC <=1.42; AMC Manager <=5.0.2
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-21
Original CVE updated: 2026-04-21
Advisory published: 2026-04-21
Advisory updated: 2026-04-21

Who should care

Administrators and operators responsible for Silex Technology SD-330AC appliances and AMC Manager deployments, especially where the management interface is reachable over HTTP/HTTPS.

Technical summary

CISA's CSAF advisory for ICSA-26-111-10 describes a Missing Authentication for Critical Function issue affecting Silex Technology SD-330AC firmware versions up to 1.42 and AMC Manager versions up to 5.0.2. The stated impact is that an attacker can upload arbitrary files to the device without authentication. The advisory lists SD-330AC firmware 1.50 or later and AMC Manager 5.1.0 or later as vendor fixes, and also recommends disabling HTTP/HTTPS service as a mitigation.

Defensive priority

Medium. Prioritize remediation for any exposed or operationally important device because the flaw is unauthenticated and affects device integrity.

Recommended defensive actions

  • Inventory Silex Technology SD-330AC and AMC Manager deployments and identify any systems running SD-330AC firmware 1.42 or earlier or AMC Manager 5.0.2 or earlier.
  • Upgrade SD-330AC to firmware version 1.50 or later.
  • Upgrade AMC Manager to version 5.1.0 or later.
  • If immediate upgrading is not possible, disable the HTTP/HTTPS service, as CISA recommends for this issue.
  • Review the vendor and JPCERT/CC advisories linked from the CISA record for deployment-specific guidance.
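
For the inventory step above, the following is an added example (not code from CISA, Silex Technology or this site) that triages an asset list against the version bounds stated on this page. The CSV layout and hostnames are constructed, and versions are assumed to be dotted integers; anything that falls between the highest listed affected version and the first fixed version is flagged for manual review, since the page does not state its status.

```python
import csv
import io

# Version bounds as stated in the advisory summary on this page.
BOUNDS = {
    "SD-330AC": ((1, 42), (1, 50)),          # (highest affected, first fixed)
    "AMC Manager": ((5, 0, 2), (5, 1, 0)),
}

# Constructed sample inventory: hostnames and column layout are assumptions.
SAMPLE_INVENTORY = """host,product,version
bridge-01.example,SD-330AC,1.42
bridge-02.example,SD-330AC,1.50
bridge-03.example,SD-330AC,1.45
mgmt-01.example,AMC Manager,5.0.10
mgmt-02.example,AMC Manager,5.1.0
mgmt-03.example,AMC Manager,v5.0.2
mgmt-04.example,AMC Manager,unknown
print-01.example,Other Device,2.0
"""

def parse_version(text):
    """'v5.0.2' -> (5, 0, 2); None when the string is not dotted-numeric."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(product, version_text):
    bounds = BOUNDS.get(product.strip())
    if bounds is None:
        return "out-of-scope"
    version = parse_version(version_text)
    if version is None:
        return "review"                      # unparseable: check by hand
    width = max(len(version), *(len(b) for b in bounds))
    pad = lambda v: v + (0,) * (width - len(v))   # so 1.42 == 1.42.0
    affected_max, fixed_min = (pad(b) for b in bounds)
    if pad(version) <= affected_max:
        return "affected"
    if pad(version) >= fixed_min:
        return "fixed"
    return "review"                          # between bounds: status not stated

def triage(inventory_csv):
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:20} {status}")
```

Comparing components as integers matters here: a plain string comparison would sort 5.0.10 below 5.0.2 and report it as affected instead of sending it for review.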

Evidence notes

The source corpus is the CISA CSAF advisory ICSA-26-111-10, published 2026-04-21T06:00:00Z, with the same modified timestamp in the supplied record. The advisory explicitly states the unauthenticated arbitrary file upload condition and lists remediation versions and mitigation text. The supplied SSVCv2 timestamp is 2026-04-20T06:00:00Z and should be treated as assessment context, not the issue date. No KEV listing is present in the provided data.

Official resources

CISA initially published advisory ICSA-26-111-10 and the associated CVE record on 2026-04-21T06:00:00Z. The supplied record shows no later modification. No KEV date is listed in the provided data.