Cyber Posture

CVE-2026-27755

Critical · Public PoC

Published: 27 February 2026
Modified: 03 March 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0015 (35.5th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-27755 is a critical-severity Use of Insufficiently Random Values (CWE-330) vulnerability in Sodola-Network Sl902-Swtgw124As Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 35.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-23 (Session Authenticity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Directly requires protection of communications session authenticity to prevent forgery via predictable session identifiers.

Prevent: Mandates secure generation and management of authenticators, including session cookies, to avoid predictable MD5-based identifiers that enable offline computation and forgery.

Prevent, recover: Requires timely identification, reporting, and correction of flaws such as weak session identifier generation in device firmware.

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1606.001 · Web Cookies · Credential Access
Adversaries may forge web cookies that can be used to gain access to web applications or Internet services.

Why these techniques?

The vulnerability in the web management interface of the network switch enables exploitation of a public-facing application (T1190) via predictable session identifiers, directly facilitating the forging of web session cookies for unauthorized access (T1606.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifier offline and bypass authentication without completing the login flow, gaining unauthorized access to the device.

Deeper analysis · AI

CVE-2026-27755, published on 2026-02-27, is a weak session identifier generation vulnerability (CWE-330) affecting SODOLA SL902-SWTGW124AS firmware versions through 200.1.20. The device generates predictable MD5-based cookies for session identifiers, enabling attackers to forge authenticated sessions. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.

Remote attackers can exploit this vulnerability if they know or guess valid credentials. By computing the predictable session identifier offline, they bypass the normal login flow, forge an authenticated session, and gain unauthorized access to the device without requiring privileges, user interaction, or elevated complexity.
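The sketch below is an added example, not code from the advisory or from the vendor's firmware. It contrasts a credential-derived MD5 identifier (the formula is constructed for illustration, since the page does not give the device's actual derivation) with session issuance from a CSPRNG backed by a server-side store, and includes a small audit check that flags identifiers that repeat across logins. All function and class names are hypothetical.

```python
import hashlib
import secrets
import time


def weak_session_id(username: str, password: str) -> str:
    # Flawed pattern (constructed formula, NOT the firmware's): the cookie is a
    # pure function of the credentials, so it is the same on every login.
    return hashlib.md5(f"{username}:{password}".encode()).hexdigest()


class SessionStore:
    """Hardened pattern: random IDs that only mean something server-side."""

    def __init__(self, ttl: float = 900.0, clock=time.monotonic):
        self._ttl = ttl          # assumed 15-minute lifetime
        self._clock = clock      # injectable so expiry can be tested
        self._sessions = {}      # session id -> (username, expiry time)

    def issue(self, username: str) -> str:
        """Call only after the credentials have been verified."""
        sid = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        self._sessions[sid] = (username, self._clock() + self._ttl)
        return sid

    def validate(self, sid: str):
        """Return the username for a live session, else None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None          # unknown ID: never issued, or revoked
        username, expiry = entry
        if self._clock() >= expiry:
            del self._sessions[sid]
            return None
        return username

    def revoke(self, sid: str) -> None:
        self._sessions.pop(sid, None)  # logout or password change


def ids_are_deterministic(issue, attempts: int = 5) -> bool:
    """Audit check: do repeated logins for one account reuse a session ID?"""
    return len({issue() for _ in range(attempts)}) < attempts
```

Because the hardened store accepts only identifiers it issued itself, a value computed outside the login flow is rejected regardless of how it was derived.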

Advisories and mitigation details are referenced in the VulnCheck advisory at https://www.vulncheck.com/advisories/sodola-sl902-swtgw124as-predictable-session-id and the vendor product page at https://www.sodola-network.com/products/sodola-6-port-2-5g-easy-web-managed-switch-4-x-2-5g-base-t-ports-2-x-10g-sfp-static-aggregation-qos-vlan-igmp-2-5gb-network-home-lab-switch.

Details

CWE(s)

Affected Products

sodola-network · sl902-swtgw124as firmware · ≤ 200.1.20

CVEs Like This One

CVE-2026-27751 · Same product: Sodola-Network Sl902-Swtgw124As
CVE-2026-27757 · Same product: Sodola-Network Sl902-Swtgw124As
CVE-2025-68704 · Shared CWE-330
CVE-2026-27637 · Shared CWE-330
CVE-2026-33710 · Shared CWE-330
CVE-2026-25072 · Shared CWE-330
CVE-2026-27515 · Shared CWE-330
CVE-2025-64097 · Shared CWE-330
CVE-2024-48928 · Shared CWE-330
CVE-2026-20101 · Shared CWE-330
