High severity7.8NVD Advisory· Published Feb 10, 2026· Updated Apr 14, 2026
CVE-2026-25656
CVE-2026-25656
Description
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:siemens:sinec_nms:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:siemens:sinec_nms:-:*:*:*:*:*:*:*
- (no CPE)range: < V4.0 SP3
cpe:2.3:a:siemens:user_management_component:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:siemens:user_management_component:*:*:*:*:*:*:*:*range: <2.15.2.1
- (no CPE)range: < V2.15.2.1
Patches
Vulnerability mechanics
References
1- cert-portal.siemens.com/productcert/html/ssa-311973.htmlnvdVendor Advisory
News mentions
1- ZDI-26-132: Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation VulnerabilityZero Day Initiative · Feb 25, 2026