{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0872", "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395", "state": "PUBLISHED", "assignerShortName": "THA-PSIRT", "dateReserved": "2026-01-13T09:32:05.991Z", "datePublished": "2026-02-13T08:53:05.621Z", "dateUpdated": "2026-02-13T12:47:30.747Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "SafeNet Agent for Windows Logon", "vendor": "Thales", "versions": [{"status": "affected", "version": "4.0.0"}, {"status": "affected", "version": "4.1.1"}, {"status": "affected", "version": "4.1.2"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:thales:safenet_agent_for_windows_logon:4.0.0:*:windows:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:thales:safenet_agent_for_windows_logon:4.1.1:*:windows:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:thales:safenet_agent_for_windows_logon:4.1.2:*:windows:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Huy Kha, Director of Security Research, and the team at Netwrix"}], "datePublic": "2026-02-08T08:52:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.<p>This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.</p>"}], "value": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2."}], "impacts": [{"capecId": "CAPEC-475", "descriptions": [{"lang": "en", "value": "CAPEC-475 Signature Spoofing by Improper Validation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 2.5, "baseSeverity": "LOW", "exploitMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L/E:P", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395", "shortName": "THA-PSIRT", "dateUpdated": "2026-02-13T08:53:05.621Z"}, "references": [{"tags": ["mitigation"], "url": "https://thalesdocs.com/sta/agents/wla-windows_logon/wla-preinstallation_passwordless/index.html"}, {"tags": ["vendor-advisory"], "url": "https://supportportal.thalesgroup.com/csm?sys_kb_id=247fd4a42b4a7290061af3f5f291bff1&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=5ecb72c73b927610381ecfaf55e45a0b&sysparm_article=KB0030173"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to version 4.1.3."}], "value": "Upgrade to version 4.1.3."}], "source": {"discovery": "EXTERNAL"}, "title": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-13T12:47:11.793545Z", "id": "CVE-2026-0872", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T12:47:30.747Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0872", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-13T12:47:11.793545Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T12:47:23.404Z"}}], "cna": {"title": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Huy Kha, Director of Security Research, and the team at Netwrix"}], "impacts": [{"capecId": "CAPEC-475", "descriptions": [{"lang": "en", "value": "CAPEC-475 Signature Spoofing by Improper Validation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.5, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L/E:P", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Thales", "product": "SafeNet Agent for Windows Logon", "versions": [{"status": "affected", "version": "4.0.0"}, {"status": "affected", "version": "4.1.1"}, {"status": "affected", "version": "4.1.2"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.1.3.", "supportingMedia": [{"type": "text/html", "value": "Upgrade to version 4.1.3.", "base64": false}]}], "datePublic": "2026-02-08T08:52:00.000Z", "references": [{"url": "https://thalesdocs.com/sta/agents/wla-windows_logon/wla-preinstallation_passwordless/index.html", "tags": ["mitigation"]}, {"url": "https://supportportal.thalesgroup.com/csm?sys_kb_id=247fd4a42b4a7290061af3f5f291bff1&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=5ecb72c73b927610381ecfaf55e45a0b&sysparm_article=KB0030173", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.", "supportingMedia": [{"type": "text/html", "value": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.<p>This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:thales:safenet_agent_for_windows_logon:4.0.0:*:windows:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:thales:safenet_agent_for_windows_logon:4.1.1:*:windows:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:thales:safenet_agent_for_windows_logon:4.1.2:*:windows:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395", "shortName": "THA-PSIRT", "dateUpdated": "2026-02-13T08:53:05.621Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0872", "state": "PUBLISHED", "dateUpdated": "2026-02-13T12:47:30.747Z", "dateReserved": "2026-01-13T09:32:05.991Z", "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395", "datePublished": "2026-02-13T08:53:05.621Z", "assignerShortName": "THA-PSIRT"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2."}, {"lang": "es", "value": "Vulnerabilidad de Validaci\u00f3n de Certificados Incorrecta en Thales SafeNet Agent for Windows Logon en Windows permite la Suplantaci\u00f3n de Firma por Validaci\u00f3n Incorrecta. Este problema afecta a SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2."}], "id": "CVE-2026-0872", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@thalesgroup.com", "type": "Secondary"}]}, "published": "2026-02-13T09:16:07.753", "references": [{"source": "psirt@thalesgroup.com", "url": "https://supportportal.thalesgroup.com/csm?sys_kb_id=247fd4a42b4a7290061af3f5f291bff1&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=5ecb72c73b927610381ecfaf55e45a0b&sysparm_article=KB0030173"}, {"source": "psirt@thalesgroup.com", "url": "https://thalesdocs.com/sta/agents/wla-windows_logon/wla-preinstallation_passwordless/index.html"}], "sourceIdentifier": "psirt@thalesgroup.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "psirt@thalesgroup.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "4.0.0"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "4.1.1"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "4.1.2"}}], "product": "safenet_agent_for_windows_logon", "vendor": "thales"}], "analysis": {"en": {"generated_at": "2026-04-17T19:54:34.391839+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s patch by upgrading the SafeNet Agent for Windows Logon to version 4.1.3 or later.", "Reconfigure the agent\u2019s certificate validation settings to enforce strict checks against the system\u2019s trusted root store and disable any custom validation pathways.", "Restrict installation and configuration rights for the SafeNet Agent to privileged accounts to prevent unauthorized certificate manipulation."], "summary": {"action": "Apply Patch", "impact": "Signature Spoofing by improper certificate validation"}, "threat_synthesis": {"affected_systems": "Affected by this flaw are Thales SafeNet Agent for Windows Logon versions 4.0.0, 4.1.1, and 4.1.2. Users running any of these releases on Windows are exposed to potential signature spoofing.", "description_and_impact": "The vulnerability in Thales SafeNet Agent for Windows Logon permits an attacker to forge digital signatures due to improper certificate validation. This flaw is classified as CWE\u2011295 and can enable an attacker to authenticate as a legitimate user or execute privileged actions that are normally protected by certificate\u2011based authentication.", "risk_and_exploitability": "The CVSS score of 2.5 indicates low severity, and the EPSS score of less than 1% suggests a very low probability of exploitation. The vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector is a local or remote attacker with the capability to supply forged certificates to the agent. No specific intrusion prerequisites are described, but the flaw allows bypassing authentication mechanisms that rely on validated certificates."}}}}, "created": "2026-02-13T21:28:44.725557+00:00", "updated": "2026-04-17T20:00:09.025251+00:00", "vendors": ["thales", "thales$PRODUCT$safenet_agent_for_windows_logon"]}