CISA Warns of Privilege Escalation Vulnerability in SALTO ProAccess Space
CISA has issued an advisory for SALTO ProAccess Space versions prior to 6.13, detailing a privilege escalation vulnerability (CVE-2026-11889) that allows authenticated attackers to bypass partition restrictions.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory detailing a critical vulnerability affecting SALTO ProAccess Space, a widely used access control system. The vulnerability, identified as CVE-2026-11889, allows an authenticated attacker with operator credentials to escalate their privileges and bypass partition restrictions within the system.
This means that an attacker who has already gained legitimate access to the system as an operator could potentially access any space or area managed by the ProAccess Space installation, regardless of their assigned permissions. The exploit requires the attacker to possess valid operator credentials and for the system's partitioning feature to be enabled. Installations that do not utilize the partitioning feature are not affected by this specific vulnerability.
The affected product is SALTO ProAccess Space, specifically versions prior to 6.13. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) and a CVSS v4.0 score of 7.1 (High), indicating a significant risk of exploitation. The core issue lies in the software's handling of its tenancy or logical partition feature, allowing for an authorization bypass.
SALTO, the vendor of ProAccess Space, has released version 6.13 as a fix for this vulnerability. CISA strongly advises users to upgrade to this patched version immediately. In addition to patching, CISA recommends several mitigation strategies to further enhance security. These include operating ProAccess Space on a protected internal network, avoiding direct internet exposure, restricting operator accounts to the minimum necessary privileges, and considering disabling the partitioning feature if strong tenant separation is not a strict requirement.
For organizations requiring robust tenant separation, SALTO suggests running separate ProAccess Space instances in isolated environments rather than relying solely on logical partitioning. These recommendations aim to reduce the attack surface and limit the potential impact should an attacker gain initial access.
While CISA has not reported any known public exploitation of this specific vulnerability at this time, the nature of the flaw—allowing privilege escalation and unauthorized access—poses a significant risk to facilities relying on ProAccess Space for physical security. The advisory highlights the importance of timely patching and layered security defenses in industrial control systems and access management solutions.
This advisory serves as a reminder for organizations to maintain vigilance regarding the security of their access control systems, which are often critical components of overall infrastructure security. Regular security audits, prompt application of vendor patches, and adherence to best practices like network segmentation and the principle of least privilege are essential for protecting against such threats.