CVE-2026-26094 | Nozomi Networks Labs

Summary

Use of Hard-coded Cryptographic Key in Owl opds 2.2.0.4 allows Read Sensitive Constants Within an Executable via a crafted network request.

Impact

This issue allows Read Sensitive Constants Within an Executable via a crafted network request.

Issue Date

February 23, 2026

Affects

This issue affects: Owl opds v2.2.0.4

CVE Name

CVE-2026-26094

CVSS Details

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CVSS Score

7.6

Solution

To fix this issue it's suggested to update to Talon v3.0

Mitigations

Acknowledgements

Luca Borzacchiello and Gabriele Quagliarella at Nozomi Networks

Nozomi Threat Intelligence

Nozomi Networks Labs curates threat and vulnerability insights that are continuously fed into the Nozomi Networks platform to ensure our sensors can detect existing and emerging threats and vulnerabilities that threaten customers environments.

Learn more

Latest Labs Blogs

Detecting New OT Threats: How To Do It Proactively

Read

Smile, You’re Being Hacked: Nozomi Networks Labs Finds Five New Flaws in Hanwha Wisenet Cameras

Read

Breaking the Encryption: Analyzing the AutomationDirect CLICK Plus PLC Protocol

Read

View All

Discover how easy it is to identify and respond to cyber threats by automating your OT and IoT asset discovery, inventory, and management.

Request a Demo Watch Demo

Use of Hard-coded Cryptographic Key

Summary

Impact

Issue Date

Affects

CVE Name

CVSS Details

CVSS Score

Solution

Mitigations

Acknowledgements

Nozomi Threat Intelligence

Latest Labs Blogs

Detecting New OT Threats: How To Do It Proactively

Smile, You’re Being Hacked: Nozomi Networks Labs Finds Five New Flaws in Hanwha Wisenet Cameras

Breaking the Encryption: Analyzing the AutomationDirect CLICK Plus PLC Protocol

Take the next step.

Subscribe

LinkedIn

Demo

PLATFORM

Professional Services

Solutions: Business needs

Solutions: Compliance

Solutions: Industry

Learn