External risk intelligence

Invixium IXM WEB Privilege Escalation Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.1)

CVE-2026-51119

The affected product is a web-based management interface for an access control system. Such interfaces are commonly deployed in network-accessible configurations, often serving as administration portals that may be exposed or reachable within enterprise network perimeters.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

An unauthenticated attacker may be able to escalate privileges within the Invixium IXM WEB system by exploiting a vulnerability in the user creation components. This could potentially lead to unauthorized access and control over the system's user management functions.

  • Unauthorized access to user management functions.
  • Critical vulnerability in web-based access control.
  • Confirm product relevance and exposure.

Attack Path

How an attacker could exploit the issue

An attacker could reach the vulnerable component of the Invixium IXM WEB system because it is exposed via a network. Once reached, the attacker can leverage the `/SystemUsers/CreateAppUser` feature to escalate their privileges. This could lead to significant compromise if the attacker gains unauthorized administrative control.

  • Accessible over the network.
  • Exploits user creation functionality.
  • Allows privilege escalation.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated attacker to escalate privileges within the Invixium IXM WEB system when it is accessible over the network. This could potentially impact the confidentiality and integrity of system data.

  • System user data could be affected.
  • Via network access to a specific component.
  • Unauthorized system control may result.

Operational Fix

Recommended remediation, mitigation, and detection steps

The affected web-based management interface for an access control system likely falls under the responsibility of infrastructure or platform teams, with potential involvement from security teams for exposure review and vendor management if the product is externally sourced. The first practical step is to identify all instances of the affected technology, determine their reachability and business criticality, identify the accountable owner for each instance, and then prioritize remediation efforts based on risk.

  • Infrastructure or platform teams own resolution.
  • Verify system reachability and business criticality first.
  • Plan remediation based on identified risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Invixium IXM WEB?

Invixium IXM WEB is a web-based management interface designed to configure and monitor access control systems. It acts as a central administration portal for managing physical security credentials, user identities, and system settings, allowing authorized personnel to oversee access points within a facility.

How does CVE-2026-51119 create a security risk?

This vulnerability is classified as Improper Privilege Management (CWE-269). It means the software does not properly enforce access controls, allowing an attacker to manipulate user permissions. In the context of this CVE, it permits someone to elevate their account status to a higher level of authority than intended, effectively bypassing standard security restrictions.

Do I need special access to trigger this vulnerability?

No, the vulnerability does not require pre-existing authentication or prior access to the system. An attacker can initiate the exploit remotely through the network. It specifically targets the /SystemUsers/CreateAppUser component; standard, legitimate interactions with unrelated parts of the web interface do not trigger this flaw.

Is my system at risk if it is not on the internet?

Halo Surface Signal indicates that while these interfaces are often placed on internal network perimeters, any level of network accessibility poses a risk. Even if not directly on the public internet, the system is vulnerable if an attacker can reach the web management interface from any point within the connected network environment.

When should I prioritize addressing this issue?

You should begin by identifying all instances of IXM WEB within your environment and mapping which ones are reachable across your network. Once you have an inventory, assess the business criticality of those specific systems. Prioritize remediation for instances that serve as primary administration gateways or hold sensitive access control data.

References