CVE Catalog

CVE-2026-35097

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Summary

The KTM e-BOK system enforces a maximum password length of six numeric digits and does not allow alphabetic, special, or extended characters. This issue was fixed in the patch released in June 2026.

Risk Assessment

The organization is at risk of easy password guessing or cracking, potentially leading to unauthorized access to the system and data.

Recommendation

Apply the June 2026 patch immediately and configure a password policy requiring longer and more complex passwords.

Original NVD description (English source)

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS