CVE-2026-11848: IEI Integration Corp | iRM-IEI Remote Management - Missing Authentication
The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information.
Metrics
- CVSS v4.0: 7.9
- Severity: HIGH
- Fixed in: 1.4.19
- Affected Products: 1
HarborGuard Analysis
Synopsis
Missing authentication vulnerability in IEI Integration Corp iRM-IEI Remote Management allows unauthenticated remote attackers to reach a specific management function over the network without any credentials. Successful exploitation exposes partial system configuration information from the affected device. A patched-image rebuild at version 1.4.19 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection is available across every HarborGuard environment. The CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images derived from affected base layers.
Available
HarborGuard is capable of scoring this finding at CVSS 7.9 HIGH and weighting it against each environment's compliance policy to determine priority. Triage routing to the appropriate team inbox within each customer organization is available automatically based on those policy settings.
Available
A patched-image rebuild at version 1.4.19 becomes available on HarborGuard for any environment running an affected version of iRM-IEI Remote Management. For customers who opt into auto-remediation, HarborGuard can trigger a rebuild, run a regression test suite, and open a PR against affected workloads.
Available
Exploit Conditions
- Network reachability: Required
  The attacker must reach the iRM-IEI management service over the network; no local or physical access is required.
- Authentication: Not required
  No credentials of any privilege level are needed to trigger the vulnerable functionality.
- Victim interaction: Not required
  The attacker can exploit this vulnerability without any action from a user or administrator on the target system.
- Attack complexity: Detail
  The exploit is reliable and condition-free, with no race conditions or environmental dependencies required to succeed.
Blast Radius
- Reads partial system configuration details from the affected iRM-IEI device, which may include network settings, service parameters, or hardware identifiers useful for further targeting.
- Impacts the confidentiality of the managed system's configuration data at a low level on the vulnerable component itself.
- Compromises the confidentiality, integrity, and availability of any downstream or dependent systems that rely on or are managed by the iRM-IEI component (high scope impact on subsequent systems).
- An attacker who maps the exposed configuration data can use it as reconnaissance to plan more targeted follow-on attacks against connected infrastructure.
How HarborGuard Handles This
Available on HarborGuard: detection fires within minutes of CVE publication for any image in a customer registry or pipeline that includes an affected version of iRM-IEI Remote Management (versions below 1.4.19). The severity is scored at CVSS 7.9 HIGH, which places this in the expedited triage queue under most standard compliance policies. Where compliance policy permits, auto-remediation customers receive a rebuilt image at the fixed version (1.4.19), a regression-test run, and a PR opened against affected workloads automatically; the median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. For customers who have not enabled auto-remediation, the patched rebuild is staged and ready for manual promotion. Given the zero-authentication network exposure, customers should also consider applying network policy controls to restrict access to the iRM-IEI management interface to trusted source IP ranges while the upgrade is being scheduled.
Fix available
- IEI Integration Corp / iRM-TSi410X: < 1.4.19 (from 0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H