MAXHUB Pivot client application
Monitor · CVSS 7.3 · ICS-CERT ICSA-26-127-01 · May 7, 2026
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
MAXHUB Pivot client application versions prior to v1.36.2 use weak cryptography (CWE-327) that allows an attacker with network access to read tenant email addresses and associated account information in cleartext or cause a denial-of-service condition by stopping the application.
What this means
What could happen
An attacker could read tenant email addresses and associated account information in plaintext, or cause the Pivot client application to stop responding, disrupting communication and collaboration features that depend on it.
Who's at risk
Organizations using MAXHUB Pivot client application for team collaboration and messaging, particularly those managing remote or distributed engineering and operations teams who rely on email and account information exchange.
How it could be exploited
An attacker with network access to the Pivot client can send specially crafted network requests to exploit weak cryptography (CWE-327) and either intercept plaintext email data or trigger a denial-of-service condition that stops the application from functioning.
Prerequisites
- Network access to the Pivot client application
- Pivot client application version prior to v1.36.2
remotely exploitable · no authentication required · low complexity
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
MAXHUB Pivot client application | <v1.36.2 | No fix yet
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update MAXHUB Pivot client application to v1.36.2 or later via OTA update
CVEs (1)