CVE-2026-1364

JNC · IAQS and I6

JNC IAQS and I6 contain a missing authentication vulnerability, allowing unauthenticated remote attackers to execute system administrative functions.

Executive summary

A critical missing authentication flaw in JNC IAQS and I6 software enables unauthenticated remote attackers to bypass security and execute administrative-level commands.

Vulnerability

The application fails to perform necessary authentication checks for sensitive administrative functions. This allows an unauthenticated remote attacker to interact directly with core system management features.

Business impact

This vulnerability provides a direct pathway for full system compromise, as it allows unauthorized actors to perform administrative tasks without credentials. The CVSS score of 9.8 underscores the potential for total loss of system confidentiality, integrity, and availability, likely resulting in significant operational disruption and data breach risks.

Remediation

Immediate Action: Apply the latest security patches provided by JNC immediately to enforce authentication across all administrative endpoints.

Proactive Monitoring: Monitor system logs for unauthorized administrative activity or unexpected API calls originating from unknown IP addresses.

Compensating Controls: Restrict access to the management interface via network-level controls, such as VPN requirements or IP allowlisting, to prevent external access.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability is highly critical and requires immediate attention. Ensure that all instances of IAQS and I6 are isolated from the public internet until the necessary security updates are applied and verified.