cve-2026-21404

The tag cve-2026-21404 covers discussions about a security vulnerability in NAVTOR NavBox, a maritime navigation system. The flaw involves hard-coded credentials in the Windows Communication Foundation (WCF) SOAP implementation, which could allow a local authenticated attacker to access privileged methods if SOAP is enabled. CISA published advisory ICSA-26-155-01 on June 4, 2026, noting the issue is not remotely exploitable and not known to be exploited in the wild. The vulnerability is fixed in NavBox version 4.17.2.6 and later, with automatic updates available. Topics include operational technology security, patch management, and the risks of design shortcuts in trusted workflows.