CIPPlanner CIPAce Single-Factor Authentication Bypass Vulnerability

Vulnerability

A vulnerability allowing the bypass of single-factor authentication has been identified in the Authentication component of CIPPlanner CIPAce software, prior to version 9.17. This vulnerability arises when the system permits login with internal accounts, potentially allowing an attacker to gain full authentication if the authentication secret is compromised.

Impact

Exploitation of this vulnerability could lead to unauthorized authentication, allowing attackers to gain access to user accounts and associated privileges.

Remediation

CIPPlanner has developed and distributed software patches to customers. These patches are included in CIPAce versions 10.0 and later. For customers not currently upgrading to version 10.0, instructions for applying the patch have been provided.

Added: Feb 11, 2026, 8:18 PM
Updated: Feb 11, 2026, 8:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 4.1
remediation: 7.7
relevance: 3.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.