Critical severityNVD Advisory· Published Apr 15, 2026· Updated Apr 17, 2026
CVE-2026-5387
CVE-2026-5387
Description
The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-04.jsonnvd
- softwaresupportsp.aveva.com/en-US/downloads/products/details/57b79fdb-7b5f-4125-8a44-833b6b5c6d6fnvd
- www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-004.pdfnvd
- www.cisa.gov/news-events/ics-advisories/icsa-26-106-04nvd
News mentions
0No linked articles in our index yet.