CVE 9.3 CRITICAL

SenseLive X3050 Authentication bypass using an alternate path or channel_CVE-2026-40630

April 23, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.

AI Analysis

Authentication bypass vulnerability in SenseLive X3050’s web management interface

Basic Information

ID CVE-2026-40630

Source icscert

Published Apr 23, 2026 at 23:45

Affected Product

Vendor SenseLive

Product X3050

Version V1.523

Affected Versions SenseLive X3050 V1.523

CWE Classification

CWE-288

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor SenseLive

Product X3050

Version V1.523

References

{
    "lastseen": "",
    "description": "A vulnerability in SenseLive X3050\u2019s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.",
    "published": "2026-04-23T23:45:46.695Z",
    "modified": "2026-04-23T23:45:46.695Z",
    "type": "cve",
    "title": "SenseLive X3050 Authentication bypass using an alternate path or channel",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json\nhttps://senselive.io/contact",
    "id": "CVE-2026-40630",
    "bulletinFamily": "",
    "cwe": [
        "CWE-288"
    ],
    "cvelist": null,
    "sourceData": "SenseLive X3050 V1.523",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "X3050",
    "version": "V1.523",
    "vendor": "SenseLive",
    "ai_description": "Authentication bypass vulnerability in SenseLive X3050\u2019s web management interface",
    "ai_severity": "Critical",
    "ai_vendor": "SenseLive",
    "ai_product": "X3050",
    "ai_version": "V1.523",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply