| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2026-12352 | 5.9 | medium |
The vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.
|
| CVE-2026-12948 | 3.8 | low |
A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages.
|