DIBT-CVE 20260601-0001 Exposure of Credentials Stored in Browser Local Storage (HIGH)

  • Classification: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • Severity: High

Description
If an attacker succeeds in tricking a victim, who has stored LWEB802 project credentials in their browser,into visiting an attacker-controlled link, the associated credentials are exposed to the attacker.

The issue has been reported as CVE-2026-55729.

Impact

Unauthenticated attackers may obtain valid username and password credentials, which could then be usedto log in to the management web application.

Mitigation

Update to LWEB-802 version 5.0.8.