What is GHSA-6rwx-723r-8rw3?

GHSA-6rwx-723r-8rw3 is a security advisory published by GitHub Security Advisories with High severity. The Naxclow platform API that returns device relay registration details exposes a persistent...

Which CVE IDs does GHSA-6rwx-723r-8rw3 cover?

GHSA-6rwx-723r-8rw3 covers the following CVE IDs: CVE-2026-50108. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-6rwx-723r-8rw3?

GHSA-6rwx-723r-8rw3 has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-6rwx-723r-8rw3HighCVSS 7.5

The Naxclow platform API that returns device relay registration details exposes a persistent...

Vendor

GitHub Security Advisories

Published

June 12, 2026

Last Modified

June 12, 2026

🔗 CVE IDs covered (1)

CVE-2026-50108 →

📋 Description

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register on the relay as that device, enabling interception and disruption of its communications.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-50108
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02
https://github.com/advisories/GHSA-6rwx-723r-8rw3