Description
If an attacker succeeds in tricking a victim, who has stored LWEB802 project credentials in their browser,into visiting an attacker-controlled link, the associated credentials are exposed to the attacker.
The issue has been reported as CVE-2026-55729.
Impact
Unauthenticated attackers may obtain valid username and password credentials, which could then be usedto log in to the management web application.
Mitigation
Update to LWEB-802 version 5.0.8.

