HIGH
ST Engineering iDirect
CVE published 2026-07-10
CVE-2026-38059
The CVE-2026-38059 debrief provides an in-depth analysis of the iDirect iQ200 API authentication bypass vulnerability. The vulnerability exposes /api/identity and /api/ REST API endpoints without authentication, allowing an unauthenticated attacker with network access to retrieve sensitive device information. This information can be used for terminal impersonation and network reconnaissance in the iDirect [truncated]