A critical (CVSS 9.8) unverified password change flaw in Vimesoft Inc.'s Enterprise Video Platform lets unauthenticated attackers bypass authentication over the network.
What Is It
CVE-2026-12692 is an unverified password change vulnerability (CWE-620) in Vimesoft Inc. Enterprise Video Platform that allows Authentication Bypass. Because the platform does not properly verify the requester when a password is changed, a remote attacker can take over accounts without valid credentials. The flaw carries a CVSS 3.1 base score of 9.8 (CRITICAL), with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, network-reachable, low attack complexity, no privileges, and no user interaction required.
Why It Matters
The impact is total: confidentiality, integrity, and availability are all rated HIGH. An attacker exploiting this can seize control of accounts, view or alter data, and disrupt the service. CISA's SSVC assessment marks the issue as automatable ("yes") with a technical impact of "total," meaning it can be reliably exploited at scale. The exploitation status in that assessment is listed as "none," and the source material contains no CISA KEV entry; so there is no confirmation of active exploitation in the supplied data. Given the 9.8 score and no-authentication attack path, this warrants urgent attention regardless.
What's Vulnerable
- Vendor: Vimesoft Inc.
- Product: Enterprise Video Platform
- Affected versions: from 3.11.0.0 up to (but not including) 3.25.0
Versions outside this range are listed as unaffected by default. No affected CPE entries were provided in the source data.
Patch Status
The affected range ends before version 3.25.0, indicating that upgrading to 3.25.0 or later remediates the flaw. Organizations running Enterprise Video Platform between 3.11.0.0 and 3.25.0 should update to a fixed release. The NVD record lists a vulnerability status of "Deferred." No CISA KEV required-action or due date is present in the supplied material.
Sources
- NVD, CVE-2026-12692: https://nvd.nist.gov/vuln/detail/CVE-2026-12692
- USOM / Türkiye Cyber Security Advisory (TR-26-0574): https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0574