High severity8.1NVD Advisory· Published Apr 24, 2026· Updated Apr 28, 2026

CVE-2026-40623

Description

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable.

Affected products

Senselive/X3500 Firmware
cpe:2.3:o:senselive:x3500_firmware:1.523:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.jsonnvdThird Party Advisory
senselive.io/contactnvdProduct
www.cisa.gov/news-events/ics-advisories/icsa-26-111-12nvdUS Government Resource

News mentions

SenseLive X3050
CISA Alerts

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000