## Daily CVE Report: Siemens SINEC NMS, Keycloak Face New Medium-Severity Vulnerabilities
A new daily CVE report highlights three medium-severity vulnerabilities in critical enterprise software, signaling persistent security gaps in widely used network management and identity platforms. While no new CVEs were published in the last 24-hour window, the listed flaws carry significant risk, with the highest CVSS score reported at 9.9. The focus remains on patching known but potentially exploitable weaknesses before they are weaponized.

The vulnerabilities target core infrastructure components. Siemens' SINEC Network Management System (NMS), in all versions before V4.0 SP3 with UMC, contains an authentication weakness due to insufficient user identity validation. Separately, a flaw in Keycloak's organization selection login page allows a remote attacker with specific administrative privileges to exploit a Stored Cross-Site Scripting (XSS) vulnerability. A third entry, CVE-2026-2399, is identified as a path traversal vulnerability (CWE-22), though specific vendor details are not provided in this summary.

These vulnerabilities, all rated 6.9 on the CVSS scale, pose a real risk to organizations that rely on these systems for network oversight and identity and access management. The Siemens SINEC NMS flaw could allow unauthorized access to critical network management functions, while the Keycloak XSS issue could be leveraged by malicious insiders or compromised admin accounts. Security teams are under pressure to apply the available patches, specifically Siemens' SP3 update, and to review administrative access controls in Keycloak realms to mitigate these medium-level but operationally significant threats.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: cybersecurity, vulnerability, CVE, Siemens, Keycloak
- **Credibility**: unverified
- **Published**: 2026-04-15 02:22:25
- **ID**: 64687
- **URL**: https://whisperx.ai/en/intel/64687