SALTO ProAccess Space
Summary
SALTO ProAccess Space software versions prior to 6.13 are vulnerable to a privilege escalation attack (CVE-2026-11889) if the partition feature is enabled. Successful exploitation by an authenticated attacker could allow access to spaces outside their assigned partition. A CVSS score of 6.5 has been assigned to this vulnerability.
IFF Assessment
This vulnerability allows for privilege escalation, which is bad news for defenders as it compromises the integrity of access control systems.
Severity
The CVSS score of 6.5 indicates a medium severity vulnerability. Exploitation requires authenticated operator credentials and the partition feature to be enabled, limiting the attack vector, but the impact of privilege escalation and unauthorized access to spaces is significant.
Defender Context
Defenders should prioritize patching SALTO ProAccess Space systems to version 6.13 or later to mitigate this privilege escalation vulnerability. Organizations using the partitioning feature should review their security configurations, implement least-privilege principles for operator accounts, and consider disabling partitioning or running separate instances if strong tenant separation is critical.