CVE-2026-4767 | Severity: CRITICAL | CNA: TR-CERT

CVE-2026-4767: Improper Access Control in TR7's WAF-ASP

Missing authentication for critical function vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.

Metrics

  • CVSS v3.1: 9.8
  • Severity: CRITICAL
  • Fixed in: v1.4.0.117
  • Affected Products: 1


HarborGuard Analysis

Synopsis

An improper access control flaw (missing authentication for a critical function) affects TR7 Cyber Defense Inc. WAF-ASP versions from v1.0.324.900 up to but not including v1.4.0.117. The vulnerability is reachable over the network with no authentication required and no user interaction needed, making it trivially exploitable by any remote attacker who can reach the service. Successful exploitation gives an attacker full read, write, and denial-of-service capability against the affected WAF-ASP instance. A patched-image rebuild at v1.4.0.117 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-4767 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle WAF-ASP. No manual feed configuration is required for coverage to take effect.

Triage: Available

Triage is available with CVSS v3.1 scoring at 9.8 (Critical), and HarborGuard can weight that score against each environment's active compliance policy to surface urgency accurately. Routing to the appropriate team inbox within a customer organization is handled automatically based on image ownership and policy configuration.

Patch: Available

A patched-image rebuild at v1.4.0.117 becomes available on HarborGuard as soon as affected images are identified. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the WAF-ASP service over the network; no local or physical access is required.

  • Authentication: Not required

    No credentials or session token of any kind are needed; the vulnerable function is exposed without any authentication gate.

  • Victim interaction: Not required

    The attacker does not need to trick or involve any user; the exploit is entirely server-side.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race windows, or knowledge of the target environment.

Blast Radius

  • A successful attacker reads all data accessible to the WAF-ASP process, including intercepted request logs, session tokens, and any credentials stored or passed through the WAF.
  • The attacker can write to or modify WAF configuration, rules, and persisted state, allowing bypass or manipulation of all traffic filtering the WAF enforces.
  • The attacker can crash or disable the WAF-ASP service entirely, removing the web application firewall layer from in front of protected applications.
  • Because scope is unchanged, impact is confined to the WAF-ASP instance itself, but that instance sits in a privileged network position, amplifying the downstream risk to protected services.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-4767 is active across connected registries and pipelines, matching any image that includes TR7 WAF-ASP versions from v1.0.324.900 up to v1.4.0.117. Given the Critical CVSS score of 9.8 and the zero-barrier exploit path (no auth, no interaction, network-reachable), this CVE is prioritized at the highest urgency tier. Where compliance policy permits, a rebuild against the fixed version (v1.4.0.117) is made available automatically. For customers who opt into auto-remediation, HarborGuard triggers the rebuild, executes a regression run, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled. Customers who manage remediation manually will find the patched rebuild staged and ready in their HarborGuard dashboard, with a diff of changed layers for review before promotion.


Fix available: v1.4.0.117

Affected packages
  • TR7 Cyber Defense Inc. / WAF-ASP: < v1.4.0.117 (from v1.0.324.900)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H