CVE-2022-50977
Published: 02 February 2026
Summary
CVE-2022-50977 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability affecting Innomic (vendor inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 13.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2022-50977, published on 2026-02-02, is a vulnerability rated at CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) linked to CWE-306 (Missing Authentication for Critical Function). It enables an unauthenticated remote attacker to potentially disrupt operations by switching between multiple configuration presets via HTTP. The vulnerability affects software or components from Innomic, as indicated by their associated advisories.
An unauthenticated attacker with network access can exploit this issue: attack complexity is low, and no privileges or user interaction are required. Exploitation allows the attacker to switch configuration presets over HTTP, resulting in high availability impact through operational disruption, with no impact on confidentiality or integrity.
Innomic's advisories detail mitigations in CSAF format, available at https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.html and https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-55954
Vulnerability details
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Missing authentication on HTTP-accessible config preset switching directly enables remote exploitation of a public-facing application (T1190) resulting in availability impact.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates CWE-306 by identifying which actions are permitted without identification or authentication and restricting critical functions, such as configuration preset switching, to approved actions only.
- Restricts access to configuration changes, preventing unauthenticated attackers from switching presets and disrupting operations.
- Enforces approved authorizations for access to system functions over HTTP, blocking unauthenticated preset switching.