PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-38059 ST Engineering iDirect CVE debrief

The CVE-2026-38059 debrief provides an in-depth analysis of the iDirect iQ200 API authentication bypass vulnerability. The vulnerability exposes /api/identity and /api/ REST API endpoints without authentication, allowing an unauthenticated attacker with network access to retrieve sensitive device information. This information can be used for terminal impersonation and network reconnaissance in the iDirect platform. Organizations using iDirect iQ200 devices should prioritize patching to prevent potential exploitation.

Vendor
ST Engineering iDirect
Product
Evolution iQ‑Series terminals
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Organizations using iDirect iQ200 devices, particularly those in critical infrastructure or satellite network environments, should prioritize patching to prevent potential terminal impersonation and network reconnaissance. The vulnerability's high severity and potential impact on device security necessitate prompt attention from operators, platform administrators, and security teams.

Technical summary

CVE-2026-38059 is a high-severity vulnerability in the iDirect iQ200 device, exposing /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information, including serial number, Device ID (DID), Terminal Private Key identifier (TPK), MAC address, and exact firmware version. This information can be used for terminal impersonation and network reconnaissance in the iDirect platform. The vulnerability's technical details and potential impact should be carefully reviewed by affected operators and security teams.

Defensive priority

High priority should be given to patching iDirect iQ200 devices to prevent potential exploitation.

Recommended defensive actions

  • Apply patches or updates provided by the vendor to address the authentication bypass vulnerability.
  • Implement network access controls to restrict access to the affected API endpoints.
  • Monitor device logs for suspicious activity and implement additional security measures as needed.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-07-10T15:16:39.563Z and has not been modified since then. The NVD entry is currently awaiting analysis. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The iDirect iQ200 device is potentially exposed to terminal impersonation and network reconnaissance due to the authentication bypass vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T15:16:39.563Z and has not been modified since then.