CVE-2026-10540

CVE-2026-10540CVE-2026-10540

Description

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an attacker. This vulnerability affects Control-M/Enterprise Manager unsupported versions 9.0.20.x and potentially earlier unsupported versions

Scoring

CVSS 5.6 ()
VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Last modified2026-07-01
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.