N Able N Able

  1. Vendors
  2. N Able

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any N Able product.

RSS Feeds for N Able security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in N Able products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by N Able Sorted by Most Security Vulnerabilities since 2018

N Able N Central11 vulnerabilities

N Able Automation Manager1 vulnerability

N Able Passportal1 vulnerability

Known Exploited N Able Vulnerabilities

The following N Able vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
N-able N-Central Command Injection Vulnerability N-able N-Central contains a command injection vulnerability via improper sanitization of user input.
CVE-2025-8876 Exploit Probability: 10.3% 		August 13, 2025
N-able N-Central Insecure Deserialization Vulnerability N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution.
CVE-2025-8875 Exploit Probability: 3.0% 		August 13, 2025

By the Year

In 2026 there have been 0 vulnerabilities in N Able. Last year, in 2025 N Able had 7 security vulnerabilities published. Right now, N Able is on track to have less security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 7 7.00
2024 5 8.53
2023 1 7.00

It may take a day or so for new N Able vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent N Able Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-11367 Nov 12, 2025
RCE via Deserialization in N-central Software Probe <2025.4 The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization
N Central
CVE-2025-11366 Nov 12, 2025
N-central <2025.4 Auth Bypass via Path Trvser (CVE-2025-11366) N-central < 2025.4 is vulnerable to authentication bypass via path traversal
N Central
CVE-2025-11700 Nov 12, 2025
N-central <2025.4 XXE Info Disclosure N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure
N Central
CVE-2025-9316 Nov 12, 2025
Unauth SessionID Generation in N-central < 2025.4 N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.
N Central
CVE-2025-10231 Sep 10, 2025
N-Central Windows Agent/Probe Privilege Escalation via File Permission An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions.
N Central
CVE-2025-8876 Aug 14, 2025
N-able N-central OS Command Injection before 2025.3.1 Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.
N Central
CVE-2025-8875 Aug 14, 2025
Deserialization of Untrusted Data in N-able N-central <2025.3.1 Leads to LCE Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.
N Central
CVE-2024-28200 Jul 01, 2024
N-central (pre-2024.2) UI Auth Bypass The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the wild.
N Central
CVE-2024-5322 Jul 01, 2024
N-central Server Session Rebinding in Entra SSO (before 2024.3) The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to 2024.3.
N Central
CVE-2023-37244 May 02, 2024
Automation Manager AgentService TOCTOU Symlink Creation (before 2.91.0.0) The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0
Automation Manager
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.