VYPR
High severity7.8NVD Advisory· Published Feb 10, 2026· Updated Apr 14, 2026

CVE-2026-25656

CVE-2026-25656

Description

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:siemens:sinec_nms:-:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:siemens:sinec_nms:-:*:*:*:*:*:*:*
    • (no CPE)range: < V4.0 SP3
  • cpe:2.3:a:siemens:user_management_component:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:siemens:user_management_component:*:*:*:*:*:*:*:*range: <2.15.2.1
    • (no CPE)range: < V2.15.2.1

Patches

Vulnerability mechanics

References

1

News mentions

1