CVE-2026-44926 Veritas CVE debrief

Who should care

Administrators and security teams responsible for InfoScale CmdServer deployments should review this issue first, especially where the service is reachable from broader internal networks or exposed administrative segments.

Technical summary

NVD currently lists the vulnerability status as "Awaiting Analysis" and maps the issue to CWE-284 (Improper Access Control). The supplied CVSS vector, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicates a remotely reachable issue requiring low privileges and no user interaction, with high impact across confidentiality, integrity, and availability. The NVD record also references vendor-facing security bulletin material and a Veritas support document for remediation context.

Defensive priority

High

Recommended defensive actions

• Confirm whether any InfoScale CmdServer instance is running a version earlier than 7.4.2.
• Review the vendor security bulletin and the referenced Veritas support document for the recommended remediation path.
• Upgrade affected systems to the fixed release identified by the vendor and verify the change across all affected nodes.
• Until remediation is complete, limit network exposure and restrict access to trusted administrative users and management networks.
• Audit CmdServer access-control configuration and review authentication and authorization logs for unexpected activity.
• Monitor the CVE record and NVD entry for status updates or additional vendor guidance.

Evidence notes

The supplied source corpus shows CVE publication and modification on 2026-05-20. NVD metadata lists vulnStatus "Awaiting Analysis," CVSS vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and weakness CWE-284. The CVE references include an InfoScale security bulletin URL and a Veritas support URL, which are the only official references supplied here. No KEV entry or ransomware-campaign use is provided in the corpus.

Official resources