CVE-2026-2564 CRITICAL

CVE-2026-2564: Intelbras VIP 3260 Z IA OutsideCmd password recovery

Vendor Intelbras

Product VIP 3260 Z IA

Weakness CWE-640 · Weak password recovery

Published February 16, 2026

Last update February 23, 2026

View on NVD All CVEs

CVSS base score

9.2/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitation appears to be difficult. It is recommended to upgrade the affected component.

Key dates

02Disclosure timeline

February 16, 2026 CVE published

February 23, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-2564

Related vulnerabilities

04Related CVE

CVE-2025-2093 PHPGurukul Online Library Management System change-password.php password recovery CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery CVE-2023-34357 Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password CVE-2019-6560 CVE-2024-12295 BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password