How to Fix CVE-2026-27520: 10G08-0800GSM Network Switch (Bundle Sibling)

By Sai Kiran Pandrala. Last verified: 2026-05-25.

CVE-2026-27520 is a sibling vulnerability in the same vendor advisory as CVE-2026-23678. Apply the same patched build and you close both. The technical detail below is what differs.

What's different about CVE-2026-27520?

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password.

How to fix CVE-2026-27520

Apply the patched build per the primary write-up: How to Fix CVE-2026-23678. All commands, verification steps, and rollback notes for 10G08-0800GSM Network Switch are listed there.

Frequently asked questions

Does the CVE-2026-23678 patch close CVE-2026-27520?

Yes. Both CVEs are addressed by the same vendor patch. Applying the patched build closes the full bundle.

Is CVE-2026-27520 listed in CISA KEV?

No public KEV listing at the time of this writing.

Where is the official advisory?

See https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch

References

• Official vendor advisory: https://www.binardat.com/products/8-port-10-gigabit-sfp-managed-switch,-support-1g-sfp-and-10g-sfp-module,-160gbps-bandwidth,-l3-web-managed,-metal-fanless-fiber-binardat-network-switch
• NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27520
• CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• Primary: How to Fix CVE-2026-23678

*Written by Sai Kiran Pandrala. Part of the 10G08-0800GSM Network Switch bundle. Full procedure at how-to-fix-cve-2026-23678.*