Primary

Context

Pexip Infinity Missing Authentication Vulnerability in Internal API Allowing Cross-Node Impact

Vulnerability

Patched

A vulnerability in Pexip Infinity versions prior to 39.0 allows for missing authentication in a critical internal API. This flaw enables an attacker, who already has the ability to execute code on one node within a Pexip Infinity installation, to affect the operation of other nodes in the installation.

Impact

Exploitation of this vulnerability could disrupt the normal operation of nodes within a Pexip Infinity installation, potentially leading to degraded performance or availability of services.

Remediation

Users are advised to upgrade to Pexip Infinity version 39.0. Ensure that only trusted users have access to operating system administration credentials and disable SSH across the Pexip Infinity platform, re-enabling it only when absolutely necessary.

Added: Dec 25, 2025, 5:19 AM

Updated: Dec 25, 2025, 5:19 AM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

0.6

exploitability

3.5

remediation

7.9

relevance

1.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

0.6

exploitability

3.5

remediation

7.9

relevance

1.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Pexip Infinity Missing Authentication Vulnerability in Internal API Allowing Cross-Node Impact

Vulnerability

Impact

Remediation

Affected Products

Pexip Infinity

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating