CVE-2026-3873 - Vulnerability Details - OpenCVE

Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00009.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://support.avantra.com/hc/en-us/articles/5352465121695-Security-Notice-Legacy-Built-In-User-Account-rtm

History

Fri, 13 Mar 2026 09:45:00 +0000

Type	Values Removed	Values Added
Description	Use of Hard-coded Credentials vulnerability in Avnatra Avantra allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avantra: before 25.3.0.	Use of Hard-coded Credentials vulnerability in Avantra allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avantra: before 25.3.0.

Fri, 13 Mar 2026 08:30:00 +0000

Type	Values Removed	Values Added
Description		Use of Hard-coded Credentials vulnerability in Avnatra Avantra allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avantra: before 25.3.0.
Title		Legacy built-in user account
Weaknesses		CWE-798
References		https://support.avantra.com/hc/en-us/articles/5352465121695-Security-Notice-Legacy-Built-In-User-Account-rtm
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published: 2026-03-13T08:14:29.350Z

Updated: 2026-03-13T16:05:47.203Z

Reserved: 2026-03-10T10:16:02.391Z

Link: CVE-2026-3873

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3873", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2026-03-10T10:16:02.391Z", "datePublished": "2026-03-13T08:14:29.350Z", "dateUpdated": "2026-03-13T16:05:47.203Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2026-03-13T09:31:16.682Z"}, "title": "Legacy built-in user account", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "affected": [{"vendor": "syslink software AG", "product": "Avantra", "platforms": ["Windows", "Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "25.3.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials vulnerability in Avantra allows Accessing \nFunctionality Not Properly Constrained by ACLs. This issue affects \nAvantra: before 25.3.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Use of Hard-coded Credentials vulnerability in Avantra allows Accessing \nFunctionality Not Properly Constrained by ACLs. This issue affects \nAvantra: before 25.3.0."}]}], "references": [{"url": "https://support.avantra.com/hc/en-us/articles/5352465121695-Security-Notice-Legacy-Built-In-User-Account-rtm", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}}], "credits": [{"lang": "en", "value": "Vicxer Inc.", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T16:05:40.724817Z", "id": "CVE-2026-3873", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:05:47.203Z"}}]}}