PatchSiren cyber security CVE debrief
CVE-2026-44924 Veritas CVE debrief
CVE-2026-44924 is a cross-site scripting issue affecting InfoScale VIOM 9.1.3. The NVD record lists CWE-79 and a CVSS 3.1 base score of 5.4 (Medium), with attack characteristics that require low privileges and user interaction. Vendor bulletin references are present in the source set, but the vendor attribution in the provided corpus is not fully resolved, so the safest reading is to treat the issue as a confirmed XSS in the InfoScale/VIOM line pending local product mapping.
- Vendor: Veritas
- Product: InfoScale VIOM 9.1.3
- CVSS: MEDIUM 5.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-20
- Original CVE updated: 2026-05-21
- Advisory published: 2026-05-20
- Advisory updated: 2026-05-21
Who should care
Administrators and security teams responsible for InfoScale VIOM deployments, especially environments where users access the web interface and where authenticated users can create or submit content that may be rendered in-browser.
Technical summary
The source corpus describes CVE-2026-44924 as an XSS condition in InfoScale VIOM 9.1.3. NVD maps the weakness to CWE-79 and provides the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network reachability, low attack complexity, required low privileges, and required user interaction. The scope-change designation suggests the impact can extend beyond the initial vulnerable component. The available references point to a vendor security bulletin covering CVE-2026-44923, CVE-2026-44924, and CVE-2026-44925, plus a related Veritas support document.
Defensive priority
Medium. The issue is publicly disclosed, remotely reachable, and requires user interaction, so it is worth prompt review in any exposed VIOM web deployment, but the available evidence does not indicate known exploitation or ransomware use.
Recommended defensive actions
- Identify whether any deployed systems match InfoScale VIOM 9.1.3 or the related vendor bulletin scope.
- Review the vendor security bulletin and support documentation linked in the source corpus for the applicable fix or remediation guidance.
- Restrict access to the VIOM web application to trusted networks and users until remediation is confirmed.
- Apply vendor-supplied patches or updates as soon as they are validated in your environment.
- Monitor web application logs for unusual reflected or stored input that could indicate XSS abuse.
- Re-test affected functionality after remediation to confirm the injection path is no longer present.
Evidence notes
The supplied NVD source item lists the vulnerability as 'Awaiting Analysis' and provides CWE-79 plus the CVSS vector. The description in the user-supplied CVE payload states 'InfoScale VIOM 9.1.3 allows XSS.' Reference URLs in the corpus include a vendor bulletin on supportinfoscale.cloud.com and a Veritas support document. The vendor field in the supplied metadata is marked low-confidence/needs review, so vendor naming should be treated cautiously.
Official resources
- CVE-2026-44924 CVE record (CVE.org)
- CVE-2026-44924 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
Publicly disclosed on 2026-05-20. The source corpus also shows the NVD record was still marked 'Awaiting Analysis' at the time of the provided feed entry.