CVE-2026-42139 | defend.network

CVSSawaiting NVD

ExploitationNo exploitation reported

Triage statusUnder Review

ActionSchedule for next cycle

Affected product

Siemens gWAP (gPROMS Web Applications Publisher)

Remediation Steps

Identify Axios HTTP client component version in gWAP deployment and apply vendor update
Review gWAP access logs for suspicious POST requests containing code execution payloads
Implement web application firewall rules to detect and block RCE attempt patterns
Validate gWAP process execution privileges are minimal (non-root/admin where possible)
Schedule comprehensive security assessment of gWAP configuration post-patch

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-01.json
https://www.siemens.com/security-advisories
https://nvd.nist.gov/vuln/detail/CVE-2026-42139

Coverage on defend.network

Vulnerability Priority Report – Week 3 of May 2026 (May 18 – 24)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

Affected product

Remediation Steps

References

Coverage on defend.network

Get Critical CVE Alerts