{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1712", "assignerOrgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512", "state": "PUBLISHED", "assignerShortName": "HYPR", "dateReserved": "2026-01-30T18:34:14.044Z", "datePublished": "2026-03-25T16:56:05.927Z", "dateUpdated": "2026-03-25T16:56:05.927Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512", "shortName": "HYPR", "dateUpdated": "2026-03-25T16:56:05.927Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-266", "description": "CWE-266 Incorrect privilege assignment", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "HYPR", "product": "Server", "versions": [{"status": "affected", "version": "10.5.1", "lessThan": "10.7", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.<p>This issue affects HYPR Server: from 10.5.1 before 10.7.</p>"}]}], "references": [{"url": "https://www.hypr.com/trust-center/security-advisories"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.8, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/AU:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7."}], "id": "CVE-2026-1712", "lastModified": "2026-03-25T17:16:29.773", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@hypr.com", "type": "Secondary"}]}, "published": "2026-03-25T17:16:29.773", "references": [{"source": "security@hypr.com", "url": "https://www.hypr.com/trust-center/security-advisories"}], "sourceIdentifier": "security@hypr.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "security@hypr.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T19:09:01.475898+00:00", "value": {"mitigation_remediation": ["Apply the latest HYPR Server update that addresses the privilege assignment flaw.", "Verify the server version is not within the 10.5.1 through 10.6.x range and monitor for any unusual privilege escalation activity."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "HYPR, Server product, is affected for all releases from version 10.5.1 up to but not including 10.7. Users running any of these versions should verify their system against the vulnerability.", "description_and_impact": "The vulnerability stems from incorrect privilege assignment in HYPR Server, allowing a user or process to elevate its privileges beyond intended boundaries. This flaw enables an adversary to gain higher-level access, potentially compromising confidentiality, integrity, and availability of the system. The weakness is identified as a failure of authorization controls.", "risk_and_exploitability": "Commercial security ratings assign a CVSS score of 5.8, indicating moderate severity, and the EPSS score is unavailable. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is that an attacker with limited access to the server environment could exploit the privilege assignment flaw to elevate privileges. This inference is drawn from the mention of privilege escalation and lacks explicit details on the precise exploitation method."}}}}, "created": "2026-03-25T21:46:44.621249+00:00", "title": "Privilege Escalation in HYPR Server via Inadequate Privilege Assignment", "updated": "2026-03-25T21:46:44.621284+00:00", "vendors": []}