PatchSiren

ST Engineering iDirect CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH ST Engineering iDirect CVE published 2026-07-10

CVE-2026-38059

The CVE-2026-38059 debrief provides an in-depth analysis of the iDirect iQ200 API authentication bypass vulnerability. The vulnerability exposes /api/identity and /api/ REST API endpoints without authentication, allowing an unauthenticated attacker with network access to retrieve sensitive device information. This information can be used for terminal impersonation and network reconnaissance in the iDirect [truncated]