Northern.tech
Products (11)
- 13 CVEs
- 8 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (30)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37019 | | Critical | 0.64 | 9.8 | 0.01 | | Jun 3, 2024 | Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication. |
| CVE-2025-49603 | | Critical | 0.59 | 9.1 | 0.00 | | Jun 26, 2025 | Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control. |
| CVE-2024-55959 | | Critical | 0.59 | 9.1 | 0.01 | | Jan 21, 2025 | Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. |
| CVE-2022-45929 | | High | 0.57 | 8.8 | 0.00 | | Jun 20, 2024 | Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user. |
| CVE-2026-24712 | | High | 0.47 | 7.3 | 0.01 | | May 14, 2026 | Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection. |
| CVE-2024-46947 | | Medium | 0.42 | 6.5 | 0.00 | | Nov 8, 2024 | Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF. |
| CVE-2022-41324 | | Medium | 0.42 | 6.5 | 0.00 | | Jun 20, 2024 | Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read access to some sensitive device information. |
| CVE-2026-33553 | | Medium | 0.40 | 6.1 | 0.00 | | Jun 2, 2026 | Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS. |
| CVE-2026-24710 | | Medium | 0.40 | 6.1 | 0.00 | | May 14, 2026 | Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS. |
| CVE-2025-67903 | | Medium | 0.34 | 5.3 | 0.00 | | May 27, 2026 | Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass. |
| CVE-2026-24711 | | Medium | 0.34 | 5.3 | 0.00 | | May 14, 2026 | Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control. |
| CVE-2024-55958 | | Medium | 0.31 | 4.8 | 0.00 | | Jan 21, 2025 | Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. The fixed versions are 3.24.1 and 3.21.6. |
| CVE-2026-33552 | | Low | 0.24 | 3.7 | 0.00 | | May 27, 2026 | Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control. |
| CVE-2026-49009 | | Low | 0.20 | 3.1 | 0.01 | | May 27, 2026 | Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal. |
| CVE-2024-47190 | | Low | 0.18 | 2.7 | 0.00 | | Nov 8, 2024 | Northern.tech Hosted Mender before 2024.07.11 allows SSRF. |
| CVE-2003-0849 | | | 0.04 | — | 0.11 | | Nov 17, 2003 | Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function. |
| CVE-2024-46948 | | | 0.00 | — | 0.00 | | Nov 8, 2024 | Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. |
| CVE-2023-45684 | | | 0.00 | — | 0.01 | | Nov 14, 2023 | Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub. |
| CVE-2023-26560 | | | 0.00 | — | 0.01 | | Apr 25, 2023 | Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. |
| CVE-2022-32290 | | | 0.00 | — | 0.00 | | Jul 6, 2022 | The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network… |