🔐 CVE Alert

CVE-2026-31849

UNKNOWN 0.0

Missing CSRF Protection on Administrative Endpoints in Nexxt Nebula 300+

CVSS Score: 0.0
EPSS Score: 0.1%
EPSS Percentile: 26th

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings.

CWE: CWE-352
Vendor: nexxt solutions
Product: nebula 300+
Published: Mar 23, 2026
Last Updated: Mar 26, 2026

Affected Versions

Nexxt Solutions / Nebula 300+
<= 12.01.01.37

References

nexxtsolutions.com: https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/
nexxt-connectivity-frontend.s3.amazonaws.com: https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip

Credits

Angel Barre (call4pwn)