CVE-2026-4767: Improper Access Control in TR7's WAF-ASP
Missing authentication for critical function vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.
Metrics
- CVSS v3.1: 9.8
- Severity: CRITICAL
- Fixed in: v1.4.0.117
- Affected Products: 1
HarborGuard Analysis
Synopsis
An improper access control flaw (missing authentication for a critical function) affects TR7 Cyber Defense Inc. WAF-ASP versions from v1.0.324.900 up to but not including v1.4.0.117. The vulnerability is reachable over the network with no authentication required and no user interaction needed, making it trivially exploitable by any remote attacker who can reach the service. Successful exploitation gives an attacker full read, write, and denial-of-service capability against the affected WAF-ASP instance. A patched-image rebuild at v1.4.0.117 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-4767 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle WAF-ASP. No manual feed configuration is required for coverage to take effect.
Triage is available with CVSS v3.1 scoring at 9.8 (Critical), and HarborGuard can weight that score against each environment's active compliance policy to surface urgency accurately. Routing to the appropriate team inbox within a customer organization is handled automatically based on image ownership and policy configuration.
A patched-image rebuild at v1.4.0.117 becomes available on HarborGuard as soon as affected images are identified. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker must be able to reach the WAF-ASP service over the network; no local or physical access is required.
- Authentication: Not required
No credentials or session token of any kind are needed; the vulnerable function is exposed without any authentication gate.
- Victim interaction: Not required
The attacker does not need to trick or involve any user; the exploit is entirely server-side.
- Attack complexity: Low
Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race windows, or knowledge of the target environment.
Blast Radius
- A successful attacker reads all data accessible to the WAF-ASP process, including intercepted request logs, session tokens, and any credentials stored or passed through the WAF.
- The attacker can write to or modify WAF configuration, rules, and persisted state, allowing bypass or manipulation of all traffic filtering the WAF enforces.
- The attacker can crash or disable the WAF-ASP service entirely, removing the web application firewall layer from in front of protected applications.
- Because scope is unchanged, impact is confined to the WAF-ASP instance itself, but that instance sits in a privileged network position, amplifying the downstream risk to protected services.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-4767 is active across connected registries and pipelines, matching any image that includes TR7 WAF-ASP versions from v1.0.324.900 up to but not including v1.4.0.117. Given the Critical CVSS score of 9.8 and the zero-barrier exploit path (no auth, no interaction, network-reachable), this CVE is prioritized at the highest urgency tier. Where compliance policy permits, a rebuild against the fixed version (v1.4.0.117) is made available automatically. For customers who opt into auto-remediation, HarborGuard triggers the rebuild, executes a regression run, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled. Customers who manage remediation manually will find the patched rebuild staged and ready in their HarborGuard dashboard, with a diff of changed layers for review before promotion.
Fix available
- TR7 Cyber Defense Inc. / WAF-ASP: < v1.4.0.117 (from v1.0.324.900)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H