Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-40630 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2026 |
| Date Published | 2026-04-24 |
| Vendor | SenseLive |
| Product | X3050 |
| CVSS Score | 9.8 (critical) |
| EPSS Score | No data |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.
Required Actions
Update the SenseLive X3050 firmware to the patched version released by the vendor immediately. Until the patch is applied, restrict access to the web interface to a dedicated management segment only, block WAN-side access to the device, and monitor logs for unusual requests to configuration endpoints.
Who Is Affected?
This vulnerability affects X3050 by SenseLive. Check whether your organization uses these devices (industrial converters / IoT gateways) and schedule a firmware update immediately.
Sources
Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.
