Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
CVE-2026-34762 is a low severity vulnerability with a CVSS score of 0.0. No known exploits currently, and patches are available.
Very low probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
The PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber IMSI.
A NetworkManager or Admin can modify any subscriber's QoS policy (potentially degrading service or altering traffic routing) while the audit log attributes the change to a non-existent or unrelated subscriber. Post-incident forensic searches for the affected subscriber's IMSI would find no matching audit entries.
Remove the IMSI as a body param and use the path param as a single source of truth.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.