Skip to main content
A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Find Out Why
  • Experiencing a breach?
  • Blog
  • Careers

  • Platform & Products

    • Singularity™ Platform

      Unified Enterprise Security. Machine-Speed Protection, Intelligence, and Response.

    • XDR

      Native and Open Protection, Detection, and Response.

    • Integrations and Partners

      One-Click Integrations to Unlock the Power of SentinelOne.

    Product Tours
    Pricing & Packages
    Get a Demo

  • Solutions & Use Cases

    SentinelOne for Industries

    Security Tuned for Your Industry.

    See All Industries
    • Healthcare

      Protect Patient Data. Keep Clinical Systems Online.

    • Financial Services

      Stop Fraud and Ransomware. Stay Audit-Ready.

    • Federal Government

      FedRAMP and IL5-Ready Defense for Federal Missions.

    • Manufacturing

      Defend OT, IT, IIOT, and Supply Chains at Scale.

    • Energy

      Secure OT Systems and Critical Infrastructure.

    • Transportation and Logistics

      Defend Operations Across Fleet, Port, and Rail.

    • Higher Education

      Protect Open Networks Without Slowing Research.

    • K-12 Education

      Stop Ransomware. Protect Students, Staff, and Data.

    • Retail and Hospitality

      Defend Your Brand, Customer Data, and Bottom Line.

    • SMB & Startups

      Enterprise-Grade Defense for Fast Teams.

    See all solutions

  • Services

    Managed Services

    Wayfinder Threat Detection and Response.

    Learn More
    • Threat Hunting

      World-Class Expertise and Threat Intelligence.

    • Managed Detection and Response

      24/7 Expert MDR Across Your Entire Environment.

    • Incident Readiness and Response

      DFIR, Breach Readiness, and Compromise Assessments.

    Experiencing a breach?

    Our experts are here to help 24/7.

    1-855-868-3733
    Get Help Now

  • Partners

    Become a Partner

    • Become a SentinelOne Partner

      Join the Global SentinelOne Ecosystem

    • Explore MSSP Solutions

      Services Succeed Faster with SentinelOne

    • Form a Technology Alliance

      Integrated, Enterprise-Scale Solutions

    Find a Partner

    • Enlist a Response or Advisory Team

      Enlist Pro Response and Advisory Teams

    • SentinelOne for AWS

      Hosted Across AWS Regions Worldwide

    • SentinelOne for Google

      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale

    • Partner Locator

      Your Go-to Source for Our Top Partners in Your Region

    • Singularity Marketplace

      One-Click Integrations for Unified Prevention, Detection, and Response

      Explore integrations
    Partner Portal Login

  • Why SentinelOne

    • Why Choose SentinelOne

      AI-Powered Cybersecurity Built to Secure What’s Next.

    • Our Customers

      Trusted by the World’s Leading Companies.

    • Industry Awards & Recognition

      Tested and Proven by the Experts.

  • Resources & Support

    Resources

    • Resource Center
    • Webinars
    • Cybersecurity Blog
    • Events
    • Newsroom

    Company

    • About SentinelOne
    • Careers
    • S Ventures
    • S Foundation
    • Dataset
    • FAQ
    • Investors Relations

    Customer Success & Support

    • Live and On-Demand Training
    • Guided Onboarding & Deployment
    • Technical Account Management
    • Support Services
    • Customer Portal
    • Get Support Now

    Explore

    • Vulnerability Database
    • SentinelLABS Threat Research
    • Ransomeware Anthology
    • Cybersecurity 101
    EventJoin us at OneCon (Oct. 20–22, 2026)
    CompetitionThreat Hunting World Championship 2026
    ReportThe SentinelOne Annual Threat Report
  • Pricing
Get StartedContact us

Explore SentinelOne

  • Pricing
Events
Get StartedContact us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-1363

CVE-2026-1363: IAQS/I6 Auth Bypass Vulnerability

CVE-2026-1363 is an authentication bypass flaw in IAQS and I6 systems by JNC that allows attackers to gain admin privileges through client-side manipulation. This article covers technical details, impact, and mitigations.

Published: January 30, 2026

CVE-2026-1363 Overview

CVE-2026-1363 is a critical Client-Side Enforcement of Server-Side Security vulnerability affecting IAQS and I6 products developed by JNC. This security flaw enables unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end interface. The vulnerability stems from improper security enforcement where critical authorization decisions are made on the client-side rather than being validated server-side.

Critical Impact

Unauthenticated remote attackers can escalate to administrator privileges through client-side manipulation, potentially leading to complete system compromise.

Affected Products

  • JNC IAQS
  • JNC I6

Discovery Timeline

  • 2026-01-23 - CVE-2026-1363 published to NVD
  • 2026-01-26 - Last updated in NVD database

Technical Details for CVE-2026-1363

Vulnerability Analysis

This vulnerability is classified under CWE-603 (Use of Client-Side Authentication), which describes scenarios where security-critical authentication or authorization checks are performed on the client-side rather than the server-side. In the case of JNC IAQS and I6 products, the web front-end implements security controls that can be bypassed by modifying client-side data or requests.

The fundamental flaw lies in trusting client-side security mechanisms for enforcing administrator privilege boundaries. When security decisions are made based on client-provided data without server-side verification, attackers can manipulate these values to gain unauthorized access. This architectural weakness allows unauthenticated users to bypass authentication controls entirely and assume administrator roles.

Root Cause

The root cause of CVE-2026-1363 is the implementation of security enforcement logic on the client-side (web front-end) rather than implementing proper server-side validation. The application fails to verify user authentication and authorization status on the server before processing privileged requests. This design pattern violates fundamental security principles where the server should never trust client-supplied security decisions.

Attack Vector

The attack vector for this vulnerability is network-based, requiring no authentication and no user interaction. Attackers can exploit this flaw remotely by:

  1. Intercepting and modifying HTTP requests between the client browser and server
  2. Manipulating client-side variables, cookies, or hidden form fields that control privilege levels
  3. Directly submitting crafted requests to administrative endpoints while bypassing client-side checks
  4. Modifying JavaScript-based authentication tokens or session parameters

The vulnerability allows attackers to directly access administrative functionality by circumventing client-side security controls, as the server does not independently verify the legitimacy of privileged operations.

Detection Methods for CVE-2026-1363

Indicators of Compromise

  • Unexpected administrative account creation or privilege changes in system logs
  • Anomalous access patterns to administrative endpoints from unauthenticated sources
  • Modified HTTP requests containing manipulated authorization parameters
  • Unusual session activity indicating privilege escalation attempts

Detection Strategies

  • Monitor web application logs for direct access attempts to administrative endpoints without proper authentication sequences
  • Implement Web Application Firewall (WAF) rules to detect request tampering and parameter manipulation
  • Deploy anomaly detection to identify unusual patterns in authentication and authorization flows
  • Review access logs for requests bypassing expected authentication workflows

Monitoring Recommendations

  • Enable verbose logging on JNC IAQS and I6 administrative interfaces
  • Configure alerting for failed and successful authentication events to administrative functions
  • Monitor network traffic for suspicious patterns targeting administrative endpoints
  • Implement session monitoring to detect privilege escalation attempts

How to Mitigate CVE-2026-1363

Immediate Actions Required

  • Restrict network access to JNC IAQS and I6 administrative interfaces to trusted networks only
  • Implement network segmentation to isolate vulnerable systems from untrusted networks
  • Deploy Web Application Firewall (WAF) rules to filter malicious requests targeting authentication bypass
  • Review and audit all existing administrative accounts for unauthorized changes

Patch Information

Consult the vendor security advisories from TW-CERT for official patch information and remediation guidance:

  • TW-CERT Security Advisory (English)
  • TW-CERT Security Notice (Chinese)

Contact JNC directly for patched versions of IAQS and I6 products that address this vulnerability.

Workarounds

  • Place affected systems behind a reverse proxy or VPN that enforces additional authentication
  • Disable remote administrative access until patches are available
  • Implement IP-based access controls to restrict administrative interface access to known management hosts
  • Consider deploying additional server-side authentication middleware as an interim control
bash
# Example: Restrict administrative interface access via firewall
# Allow only trusted management network to access admin ports
iptables -A INPUT -p tcp --dport 443 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeAuth Bypass
  • Vendor/TechN/A
  • SeverityCRITICAL
  • CVSS Score9.3
  • EPSS Probability0.04%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-603
  • Technical References
  • TW-CERT Security Advisory
  • TW-CERT Security Notice
  • Latest CVEs
  • CVE-2026-50263: X.org X Server Use-After-Free Flaw
  • CVE-2026-21033: Samsung Assistant RCE Vulnerability
  • CVE-2026-21032: Samsung Assistant RCE Vulnerability
  • CVE-2026-50260: X.org X Server Use-After-Free Flaw
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne
Get a DemoContact Us
  • Product Tours
  • Why SentinelOne
  • Pricing & Packages
  • FAQ
  • SentinelOne Status

Key Products & Solutions

  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Prompt Security
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Explore Solutions

Services

  • Wayfinder TDR
  • Managed Detection and Response
  • Threat Hunting
  • Incident Readiness
& Response
  • Technical Account Management
  • Guided Onboarding 
& Deployment
  • Support Services

Company

  • About Us
  • Our Customers
  • Careers
  • Partners
  • S1 Foundation
  • S1 Ventures
  • Legal Information
  • Security & Compliance
  • Investor Relations

Quick Links

  • Customer Portal
  • Partner Portal
  • Become a Partner
  • Resource Center
  • SentinelLABS Threat Research
  • Blog
  • Press Center
  • Cybersecurity 101
  • Events
  • Ransomware Anthology
©2026 SentinelOne, All Rights Reserved
Privacy NoticeTerms of Use
English
English