SALTO ProAccess Space

Summary

SALTO ProAccess Space software versions prior to 6.13 are vulnerable to a privilege escalation attack (CVE-2026-11889) if the partition feature is enabled. Successful exploitation by an authenticated attacker could allow access to spaces outside their assigned partition. A CVSS score of 6.5 has been assigned to this vulnerability.

IFF Assessment

FOE

This vulnerability allows for privilege escalation, which is bad news for defenders as it compromises the integrity of access control systems.

Severity

6.5 Medium

The CVSS score of 6.5 indicates a medium severity vulnerability. Exploitation requires authenticated operator credentials and the partition feature to be enabled, limiting the attack vector, but the impact of privilege escalation and unauthorized access to spaces is significant.

Defender Context

Defenders should prioritize patching SALTO ProAccess Space systems to version 6.13 or later to mitigate this privilege escalation vulnerability. Organizations using the partitioning feature should review their security configurations, implement least-privilege principles for operator accounts, and consider disabling partitioning or running separate instances if strong tenant separation is critical.

Read Full Story →