THE advisory from CISA, released on June 4, 2026, details a vulnerability in NAVTOR NavBox version 4.16.1.20, identified as CVE-2026-21404. This vulnerability allows local attackers to exploit hard-coded credentials in its SOAP functionality, granting unauthorized access to privileged methods and potentially leading to operational disruptions. Affected users are advised to upgrade to version 4.17.2.6 or later, where the issue is resolved. CISA recommends defensive measures, such as minimizing network exposure and using secure remote access methods to mitigate risks.
NAVTOR NavBox
CyberSIXT Evidence Panel
Source marked as original reporting
Article by CyberSIXT