CVE-2026-35097 MEDIUM

CVE-2026-35097: Weak Password Requirements in KTM System e-BOK

Vendor Ktm System
Product e-BOK
Weakness CWE-521
Published June 30, 2026
Last update June 30, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026.

Key dates

02Disclosure timeline

June 30, 2026 CVE published