LeakyCreds

CVE-2026-4639 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 24, 2026

Galaxy Software Services Vitals ESP - Broken Access Control

Published: March 24, 2026 | Updated: March 24, 2026 | Remote Exploitable

Overview

Galaxy Software Services Vitals ESP contains an incorrect authorization vulnerability, letting authenticated remote attackers perform administrative functions and escalate privileges.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 10.3% (Probability of exploitation in next 30 days)

Impact

Authenticated attackers can perform administrative actions, leading to privilege escalation.

Mitigation

Update to the latest version of Vitals ESP.

Social Media Activity (2 posts)

Ivy Cyber
@ivycyber
Mar 24, 2026

🛡️ #Cybersecurity news & tips across the #fediverse 👇 “🟠 CVE-2026-4639 - High (8.8) Vitals ESP developed by Galaxy Software Services has an Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby es...” https://mastodon.social/@thehackerwire/116282484405537793 🤖 via RSS feed. Not an endorsement.

TheHackerWire
@thehackerwire
Mar 24, 2026

🟠 CVE-2026-4639 - High (8.8) Vitals ESP developed by Galaxy Software Services has an Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4639/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-4639
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: unconfirmed
EPSS: 10.3%
Social Posts: 2

CWE

  • CWE-863

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

10.3% (Probability of exploitation in the next 30 days)