PatchSiren

CVE-2026-32963 Raw CVE debrief

CVE-2026-32963 is a cross-site scripting vulnerability in Silex Technology SD-330AC and AMC Manager. According to the CISA CSAF advisory, an attacker could trick a user into visiting a special web page and cause arbitrary script execution in the user’s browser. Vendor-fixed versions are available, and CISA published the initial advisory on 2026-04-21.

Vendor: Raw
Product: Silex Technology SD-330AC <=1.42; AMC Manager <=5.0.2
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-21
Original CVE updated: 2026-04-21
Advisory published: 2026-04-21
Advisory updated: 2026-04-21

Who should care

Administrators and operators running Silex Technology SD-330AC firmware 1.42 or earlier, or AMC Manager 5.0.2 or earlier, especially where the web management interface is accessible to users.

Technical summary

The advisory describes an Improper Neutralization of Input During Web Page Generation (cross-site scripting) issue affecting Silex Technology SD-330AC and AMC Manager. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network reachability with user interaction required and low confidentiality/integrity impact in the browser context. Remediation is listed for SD-330AC firmware 1.50 or later and AMC Manager 5.1.0 or later; CISA also records a mitigation to disable HTTP/HTTPS service.

Defensive priority

Medium: prioritize near-term remediation. The issue is network-reachable and vendor fixes are already available; exploitation requires user interaction.

Recommended defensive actions

  • Upgrade SD-330AC firmware to 1.50 or later.
  • Upgrade AMC Manager to 5.1.0 or later.
  • If you cannot patch immediately, disable the HTTP/HTTPS service as recommended in the advisory.
  • Limit access to the management interface to trusted administrative networks only.
  • Review the CISA and JPCERT advisory references for any follow-up guidance or updates.

Evidence notes

This debrief is based on the supplied CISA CSAF advisory ICSA-26-111-10 and its remediation entries, published 2026-04-21. The advisory text states the XSS condition, the affected product/version ranges, the CVSS v3.1 vector, and the vendor-provided fixed versions plus mitigation. The supplied enrichment does not list a KEV entry.

Official resources

Initial public disclosure is recorded in the CISA CSAF advisory published on 2026-04-21. The supplied data shows no KEV listing for this CVE.