CVE-2026-11849: IEI Integration Corp|iRM-IEI Remote Management - Hard-coded Credentials
The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the database.
Metrics
- CVSS v4.0
- 9.3
- Severity
- CRITICAL
- Fixed in
- 1.4.19
- Affected Products
- 1
HarborGuard Analysis
Synopsis
A hard-coded credentials vulnerability exists in IEI Integration Corp's iRM-IEI Remote Management software. The flaw is reachable over the network with no authentication required, and the embedded credentials are identical across every affected deployment. Successful exploitation gives an attacker administrative privileges on the database, enabling full read, write, and availability control over its contents. A patched-image rebuild at version 1.4.19 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-11849 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against images in customer registries, CI/CD pipelines, and custom-built images. Any image bundling a version of iRM-IEI Remote Management below 1.4.19 is flagged automatically.
AvailableHarborGuard surfaces this CVE with its CVSS v4.0 score of 9.3 (Critical), weighted against each customer environment's compliance policy to prioritize routing and alerting. Findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.
AvailableA patched-image rebuild at version 1.4.19 becomes available through HarborGuard once an affected image is detected. For customers who opt into auto-remediation, HarborGuard runs a rebuilt image through a regression test and opens a PR against affected workloads automatically.
AvailableExploit Conditions
- Network reachabilityRequired
The attacker must reach the iRM-IEI Remote Management service over the network; no physical or local access is required.
- AuthenticationNot required
No credentials or account are needed before exploitation; the hard-coded credentials themselves are the mechanism of attack.
- Victim interactionNot required
The attacker acts entirely on their own; no user action or social engineering is needed.
- Attack complexityDetail
The exploit is reliable and condition-free; no race conditions, memory layout dependencies, or environmental factors must be satisfied.
Blast Radius
- Attacker obtains administrative access to the database and reads all stored records, which may include credentials, configuration data, and application state.
- Attacker modifies or deletes persisted database rows, corrupting application data or creating backdoor accounts.
- Attacker disrupts database availability, taking the iRM-IEI Remote Management service offline.
How HarborGuard Handles This
Available on HarborGuard: detection of this critical hard-coded credentials vulnerability is active across customer registries and pipelines, with ingestion latency measured in minutes from CVE publication. For environments running iRM-IEI Remote Management below version 1.4.19, a rebuilt image at the patched version is available. Where compliance policy permits auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the new image, and opens a PR against affected workloads; for high and critical severity issues, the median time from CVE publication to a merged patch PR in auto-remediation-enabled environments is around 90 minutes. For environments where auto-remediation is not enabled, the finding is routed to the responsible team with the fixed version clearly noted so a manual upgrade can be prioritized immediately.
Fix available
- IEI Integration Corp / iRM-TSi410X< 1.4.19 (from 0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N