CVE-2026-2344 - Vulnerability Details

A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users.This issue affects Plunet BusinessManager: 10.15.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Plunet Subscribe	Business Manager Subscribe

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Plunet Subscribe	Business Manager Subscribe

Advisories

No advisories yet.

Fixes

Solution

Upgrade Plunet BusinessManager to version 10.20 or later, which includes a fix for the identified cross-site scripting vulnerabilities.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cds.thalesgroup.com/en/tcs-cert/CVE-2026-2344

History

Wed, 11 Feb 2026 22:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Plunet Plunet business Manager
Vendors & Products		Plunet Plunet business Manager
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Feb 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users.This issue affects Plunet BusinessManager: 10.15.1
Title		Stored XSS on Plunet BusinessManager
Weaknesses		CWE-79
References		https://cds.thalesgroup.com/en/tcs-cert/CVE-2026-2344
Metrics		cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: TCS-CERT

Published: 2026-02-11T14:53:20.753Z

Updated: 2026-02-11T21:19:41.145Z

Reserved: 2026-02-11T14:36:10.726Z

Link: CVE-2026-2344

Vulnrichment

Updated: 2026-02-11T21:19:38.684Z

NVD

Status : Awaiting Analysis

Published: 2026-02-11T15:16:17.993

Modified: 2026-02-11T15:27:26.370

Link: CVE-2026-2344

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-02-11T21:38:02Z

Weaknesses

CWE-79

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object