CVE-2026-27515

CRITICAL 9.1

Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers

CVSS Score

9.1

EPSS Score

0.0%

EPSS Percentile

0th

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.

CWE	CWE-330
Vendor	binardat ltd.
Product	10g08-0800gsm network switch
Published	Feb 24, 2026
Last Updated	Feb 27, 2026

Stay Ahead of the Next One

Get instant alerts for binardat ltd. 10g08-0800gsm network switch

Be the first to know when new critical vulnerabilities affecting binardat ltd. 10g08-0800gsm network switch are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

Binardat Ltd. / 10G08-0800GSM Network Switch

0 < V300SP10260209

References

NVD ↗ CVE.org ↗ EPSS Data ↗

binardat.com: https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch vulncheck.com: https://www.vulncheck.com/advisories/binardat-10g08-0800gsm-network-switch-predictable-session-identifiers

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.