{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32296", "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "state": "PUBLISHED", "assignerShortName": "cisa-cg", "dateReserved": "2026-03-11T18:26:54.750Z", "datePublished": "2026-03-17T17:19:55.013Z", "dateUpdated": "2026-03-17T18:10:26.448Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate the KVM process."}], "affected": [{"vendor": "Sipeed", "product": "NanoKVM", "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.3.1", "versionType": "custom"}, {"version": "2.3.1", "status": "unaffected"}]}], "problemTypes": [{"descriptions": [{"description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE", "cweId": "CWE-306"}]}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}, {"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T19:28:53.598916Z", "id": "CVE-2026-32296", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint", "references": [{"name": "url", "url": "https://github.com/sipeed/NanoKVM/blob/main/CHANGELOG.md#231-2025-12-26", "tags": ["patch"]}, {"name": "url", "url": "https://eclypsium.com/blog/kvm-devices-the-keys-to-your-kingdom-are-hanging-on-the-network/"}, {"name": "url", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json"}, {"name": "url", "url": "https://www.cve.org/CVERecord?id=CVE-2026-32296"}], "credits": [{"value": "Reynaldo Vasquez Garcia, Eclypsium", "lang": "en"}], "datePublic": "2026-03-17T00:00:00.000Z", "providerMetadata": {"orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg", "dateUpdated": "2026-03-17T17:19:55.013Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T18:10:20.429406Z", "id": "CVE-2026-32296", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T18:10:26.448Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32296", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T18:10:20.429406Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T18:10:23.448Z"}}], "cna": {"title": "Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint", "credits": [{"lang": "en", "value": "Reynaldo Vasquez Garcia, Eclypsium"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}, {"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32296", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T19:28:53.598916Z"}}}], "affected": [{"vendor": "Sipeed", "product": "NanoKVM", "versions": [{"status": "affected", "version": "0", "lessThan": "2.3.1", "versionType": "custom"}, {"status": "unaffected", "version": "2.3.1"}], "defaultStatus": "unknown"}], "datePublic": "2026-03-17T00:00:00.000Z", "references": [{"url": "https://github.com/sipeed/NanoKVM/blob/main/CHANGELOG.md#231-2025-12-26", "name": "url", "tags": ["patch"]}, {"url": "https://eclypsium.com/blog/kvm-devices-the-keys-to-your-kingdom-are-hanging-on-the-network/", "name": "url"}, {"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json", "name": "url"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-32296", "name": "url"}], "descriptions": [{"lang": "en", "value": "Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate the KVM process."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg", "dateUpdated": "2026-03-17T17:19:55.013Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32296", "state": "PUBLISHED", "dateUpdated": "2026-03-17T18:10:26.448Z", "dateReserved": "2026-03-11T18:26:54.750Z", "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "datePublished": "2026-03-17T17:19:55.013Z", "assignerShortName": "cisa-cg"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate the KVM process."}, {"lang": "es", "value": "Sipeed NanoKVM anterior a 2.3.1 expone un punto final de configuraci\u00f3n de Wi-Fi sin las comprobaciones de seguridad adecuadas, permitiendo a un atacante no autenticado con acceso a la red cambiar la red Wi-Fi configurada guardada por una de la elecci\u00f3n del atacante, o elaborar una solicitud para agotar la memoria del sistema y terminar el proceso KVM."}], "id": "CVE-2026-32296", "lastModified": "2026-03-18T14:52:44.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}]}, "published": "2026-03-17T18:16:16.960", "references": [{"source": "9119a7d8-5eab-497f-8521-727c672e3725", "url": "https://eclypsium.com/blog/kvm-devices-the-keys-to-your-kingdom-are-hanging-on-the-network/"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "url": "https://github.com/sipeed/NanoKVM/blob/main/CHANGELOG.md#231-2025-12-26"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "url": "https://www.cve.org/CVERecord?id=CVE-2026-32296"}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.3.1)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "2.3.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "NanoKVM", "source": "cna", "vendor": "Sipeed"}, "product": "nanokvm", "vendor": "sipeed"}], "analysis": {"en": {"generated_at": "2026-03-17T18:50:30.510224+00:00", "value": {"mitigation_remediation": ["Update NanoKVM firmware to version 2.3.1 or later, which removes the unauthenticated Wi\u2011Fi configuration endpoint.", "If an update cannot be applied immediately, isolate the device from untrusted networks by placing it on a separate VLAN or subnet with restricted access.", "Verify the stored Wi\u2011Fi credentials remain unchanged and that the device is not unexpectedly restarting or crashing.", "Monitor for abnormal restarts or configuration changes as indicators of attempted exploitation."], "summary": {"action": "Patch Now", "impact": "Unauthorized configuration changes and potential denial of service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all Sipeed NanoKVM firmware versions earlier than 2.3.1. The affected vendor is Sipeed, product NanoKVM. Specific firmware versions are identified only as those preceding 2.3.1; no further sub\u2011versions are listed in the CVE data.", "description_and_impact": "Sipeed NanoKVM devices prior to firmware 2.3.1 expose a Wi\u2011Fi configuration endpoint that lacks authentication checks. An attacker with local network access can send HTTP requests that overwrite the stored Wi\u2011Fi credentials with attacker\u2011chosen values or trigger memory exhaustion, causing the KVM process to terminate. This flaw results in unauthorized configuration changes and potential denial of service, and is classified as CWE\u2011306, Access Control\u2014Missing Authentication for Request.", "risk_and_exploitability": "The CVSS base score of 8.8 indicates high severity. No EPSS score is available, and the vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires only connectivity to the target device\u2019s network interface; no credentials are needed. An attacker can exploit the flaw by sending crafted HTTP requests to the unlocked endpoint, leading to configuration manipulation or a deliberate denial of service via memory exhaustion."}}}}, "created": "2026-03-18T12:13:08.209626+00:00", "updated": "2026-03-24T10:49:02.734637+00:00", "vendors": ["sipeed", "sipeed$PRODUCT$nanokvm"]}