{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5756", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-04-07T16:42:45.597Z", "datePublished": "2026-04-14T17:51:53.628Z", "dateUpdated": "2026-04-14T17:51:53.628Z"}, "containers": {"cna": {"title": "Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS)", "descriptions": [{"lang": "en", "value": "Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Data Recognition Corporation", "product": "Central Office Services - Content Hosting Component", "versions": [{"status": "affected", "version": "975"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-306 Missing Authentication for Critical Function"}]}, {"descriptions": [{"lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}, {"descriptions": [{"lang": "en", "description": "CWE-522 Insufficiently Protected Credentials"}]}], "references": [{"url": "https://www.datarecognitioncorp.com/"}], "x_generator": {"engine": "VINCE 3.0.35", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-5756"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-04-14T17:51:53.628Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services."}], "id": "CVE-2026-5756", "lastModified": "2026-04-14T18:17:39.600", "metrics": {}, "published": "2026-04-14T18:17:39.600", "references": [{"source": "cret@cert.org", "url": "https://www.datarecognitioncorp.com/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "975"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Central Office Services - Content Hosting Component", "source": "cna", "vendor": "Data Recognition Corporation"}, "product": "central_office_services_-_content_hosting_component", "vendor": "data_recognition_corporation"}], "analysis": {"en": {"generated_at": "2026-04-14T20:30:00.376193+00:00", "value": {"mitigation_remediation": ["Check the Data Recognition Corporation website or support portal for a patch or update for Central Office Services.", "Apply any released patch or upgrade to the latest version of Central Office Services as soon as it becomes available.", "If an update is not available, isolate the Central Office Services component from external networks or restrict it to a trusted internal segment.", "Disable remote configuration modification capabilities or block write access to configuration files via firewall or file\u2011system permissions.", "Enable logging of configuration file changes and monitor logs for unauthorized modifications.", "Conduct a vulnerability assessment or penetration testing to confirm whether the configuration file remains protected."], "summary": {"action": "Assess Impact", "impact": "Unauthorized configuration modification enabling data exfiltration and traffic interception"}, "threat_synthesis": {"affected_systems": "Data Recognition Corporation\u2019s Central Office Services \u2013 Content Hosting Component. No specific version information is provided, so any installation of this component is potentially impacted.", "description_and_impact": "The vulnerability allows an attacker who is not authenticated to modify the server\u2019s configuration file in DRC Central Office Services (COS). This flaw can enable mass data exfiltration, interception of malicious traffic, or disruption of testing services. The flaw represents a weakness in access control, equivalent to an improper authorization issue that undermines confidentiality and integrity of the system\u2019s configuration.", "risk_and_exploitability": "The vulnerability is likely exploitable via network channels that grant write access to configuration files, given the lack of authentication requirements. With no EPSS score and no listing in CISA\u2019s KEV catalog, the exact exploit probability is unknown; however, the absence of authentication suggests a high risk if left unmitigated. No CVSS score is available, so the severity remains undetermined. Potential attackers could alter service parameters, potentially redirect traffic or exfiltrate data, making this a high\u2011impact vulnerability if exploited."}}}}, "created": "2026-04-15T14:41:09.778091+00:00", "updated": "2026-04-15T14:53:59.188652+00:00", "vendors": ["data_recognition_corporation", "data_recognition_corporation$PRODUCT$central_office_services_-_content_hosting_component"], "weaknesses": ["CWE-284", "CWE-862"]}