Authentication Bypass in SINEC NMS <4.0 SP3 UMC Component
CVE-2026-24032 Published on April 14, 2026
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. (ZDI-CAN-27564)
Weakness Type
Improper Verification of Cryptographic Signature
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Products Associated with CVE-2026-24032
Want to know whenever a new CVE is published for Siemens Sinec Nms? stack.watch will email you.
Affected Versions
Siemens SINEC NMS:- Before V4.0 SP3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.