Ctrl + K
/ news / CVE
CVEPublished 2026-06-01Modified 2026-06-010 articles on news5 live referencesNVD data

CVE-2026-42251

Vulnerability data via NVD (ingested)

CVSS v3.1
EPSS percentile
Weaknesses (CWE)
CWE-798Use of Hard-coded Credentials
Description

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a legitimate update. This issue affects KS-SOMED with modules: KSPLUPDFTP.exe up to 30.00.00.056 and ANEKSKLIENT.EXE up to 29.00.02.026 Beside removing the hard-coded credentials from the code and changing the update process, access granted by previously exposed credentials was limited to read-only.

Timeline
Published 2026-06-01
Modified 2026-06-01

External references

NVDMITREExploit-DBSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-42251
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2026-42251
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-42251
Censys host search filtered to this CVE id.
grep.app
CVE-2026-42251
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-42251
GitHub code search for direct mentions.
Google dork
"CVE-2026-42251" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (1)

CVE-2026-422511 repo
cclank/Hermes-Wikiunknown
Hermes agent + LLM Wiki + 源代码 完成 Hermes agent wiki
★ 535·updated today
We haven't classified any articles referencing CVE-2026-42251 yet. The external references above still apply.