A stored cross-site scripting (XSS) vulnerability exists in the web management interface of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA. An authenticated administrator can inject script into certain system configuration fields, which executes in the browser of users viewing affected pages. This issue has a CVSS score of 4.8 and is classified as MEDIUM severity. Administrators and user [truncated]
CVE-2026-12352 is an authentication bypass vulnerability in products from Digi. The vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device. The CVE record was published on 2026-07-07T15:16:42.283Z and has not been modified since then. Security teams should assess the vulnerability's impact on their systems, especially if using products from Digi.