Tag
Multiple vulnerabilities, including CVE-2026-12352 (incorrect authorization) and CVE-2026-12948 (stored cross-site scripting), affect Digi International PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA devices with firmware prior to 2025, allowing unauthenticated bypass, access to restricted resources, credential acquisition, and client-side script execution in critical infrastructure environments.