CVE-2026-8673— Password re-initialization mechanism sends passwords in plain text

CVSS 5.9 · Medium EPSS 0.03% · P8 Updated May 22, 2026

Possible ATT&CK Techniques 2AI

T1557 · Adversary-in-the-Middle T1040 · Network Sniffing

Affected Version Matrix 1

Vendor	Product	Version Range	Status
syslink software AG	Avantra	`< 25.3.0`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Password re-initialization mechanism sends passwords in plain text

Source: NVD (National Vulnerability Database)

Vulnerability Description

Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

凭证传输未经安全保护

Source: NVD (National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
syslink software AG	Avantra	0 ~ 25.3.0	-

II. Public POCs for CVE-2026-8673

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-8673

请登录查看更多情报信息。

Vendor Advisories for CVE-2026-8673 (1)

🔗 CVE-2026-8673 - Security Notice - Password Re-initialization Mechanism Sends Passwords in Plain text – Avantra Supportvendor-advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-8673

Same Patch Batch · syslink software AG · 2026-05-22 · 4 CVEs total

CVE-2026-8670	9.6 CRITICAL	Insecure session handling on metrics web server
CVE-2026-8671	7.5 HIGH	Log Files contain encrypted secrets
CVE-2026-8672	5.1 MEDIUM	Default credentials for internal DB

IV. Related Vulnerabilities

Same product: Avantra

Same vendor: syslink software AG

Same weakness: CWE-523

V. Comments for CVE-2026-8673

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-8673— Password re-initialization mechanism sends passwords in plain text

Possible ATT&CK Techniques 2AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-8673

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-8673

III. Intelligence Information for CVE-2026-8673

Vendor Advisories for CVE-2026-8673 (1)

Same Patch Batch · syslink software AG · 2026-05-22 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-8673

Leave a comment