ACAP
by Axis
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-0804 | Med | 0.44 | 6.7 | 0.00 | May 12, 2026 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications,… | ||
| CVE-2026-0541 | Med | 0.44 | 6.7 | 0.00 | May 12, 2026 | ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP… | ||
| CVE-2025-6779 | 0.00 | — | 0.01 | Nov 11, 2025 | An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an… | |||
| CVE-2025-5452 | 0.00 | — | 0.00 | Nov 11, 2025 | A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to… | |||
| CVE-2025-5454 | 0.00 | — | 0.00 | Nov 11, 2025 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications,… | |||
| CVE-2025-4645 | 0.00 | — | 0.00 | Nov 11, 2025 | An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the… | |||
| CVE-2025-3892 | 0.00 | — | 0.00 | Aug 12, 2025 | ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to… |
- risk 0.44cvss 6.7epss 0.00
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications,…
- risk 0.44cvss 6.7epss 0.00
ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP…
- CVE-2025-6779Nov 11, 2025risk 0.00cvss —epss 0.01
An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an…
- CVE-2025-5452Nov 11, 2025risk 0.00cvss —epss 0.00
A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to…
- CVE-2025-5454Nov 11, 2025risk 0.00cvss —epss 0.00
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications,…
- CVE-2025-4645Nov 11, 2025risk 0.00cvss —epss 0.00
An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the…
- CVE-2025-3892Aug 12, 2025risk 0.00cvss —epss 0.00
ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to…