CVE-2026-22055
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform
CVSS
8.8
High
EPSS
0.2%
p15
KEV
—
Exploit Today
4
0-100
Published: Jun 3, 2026 · Last modified: Jun 30, 2026 · CWE-259
0.2%EPSS · 30 days0.2%
2026-06-302026-07-17
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2024-388857.5 HIG41.0%
——12An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application.13dCVE-2024-353958.8 HIG35.5%
——11TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.9dCVE-2026-220548.8 HIG14.6%
——4Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.18d