Primary

Context

Nuvation Energy Multi-Stack Controller Authentication Bypass Vulnerability

Vulnerability

A vulnerability allowing authentication bypass has been identified in Nuvation Energy's Multi-Stack Controller (MSC) versions 2.3.8 prior to 2.5.1. This vulnerability arises from an authentication bypass using an alternate path or channel, allowing unauthorized access or actions on the affected system.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized users to gain access or privileges on the affected system.

Remediation

Users are advised to update their Multi-Stack Controller to version 2.5.1 or 22.4.0. Consult Nuvation's documentation for instructions on enabling authentication and setting a strong password. Security-conscious users may also wish to restrict access to the nCloud service if it is not necessary for their operations.

Added: Jan 2, 2026, 10:18 PM

Updated: Jan 2, 2026, 10:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

1.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

1.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nuvation Energy Multi-Stack Controller Authentication Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating