We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X
Maximize Your Experience: Reap the Personalized Advantages by Completing Your Profile to Its Fullest. Update Here
Stay in the loop with the latest from Microchip. Update your profile while you are at it. Update Here
Complete your profile to access more resources. Update Here
Cross-reference search

PSIRT-124: TimePictra Authentication Bypass Vulnerability

Vulnerability Details

Date of Disclosure: 02/24/2026

Affected Product: TimePictra® Web Application

  • Vulnerability Type: Unauthenticated access
  • CVE Identifier: CVE-2026-2844
  • CVSS Score:  9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
  • Vulnerability Description:
    • Specially crafted post requests to URI endpoints for creation/deletion of network elements are accepted without authentication
  • Affected Versions: 
    • Software versions to 11.3 SP2
  • Vulnerability Status: 
    • To be addressed in a future version

Risk Assessment

Exploiting vulnerability could allow an attacker to create or delete tracked network elements.

Mitigation

Control access to the web application

Patch/Release Information

Endpoint access control on element creation and deletion may be addressed in a future release.

Acknowledgements

Reported by Steve Lin from Bastion Security

Recommendations

It is strongly recommended that all customers upgrade to the latest version.

Live Chat

Need Help?

Privacy Policy