Cydome Research Team has disclosed three vulnerabilities in the NAVTOR NavBox, an OT gateway used on commercial vessels for navigation and network data. The vulnerabilities were assigned CVE-2026-2752 (Missing Authentication on HTTP API Endpoints), CVE-2026-2753 (Absolute Path Traversal Vulnerability), and CVE-2026-2754 (Information Disclosure Vulnerability). The findings were reported by Cyprus Shipping News on 13 March 2026.

The NavBox sits at the intersection of navigation and connectivity — it processes data from navigation instruments and distributes it across shipboard networks. Missing authentication on HTTP API endpoints means that an attacker with network access could potentially interact with the device without credentials. The path traversal vulnerability could allow access to files outside the intended directory structure. The information disclosure vulnerability could expose sensitive configuration or operational data.

All three are the kind of foundational issues — no authentication, no path validation, leaking configuration data — that appear when OT devices are designed for functionality first and security as an afterthought.

Why this matters: OT gateways on vessels are often assumed to be isolated. In practice, they sit on networks that may have internet connectivity via VSAT, may be accessed by shore-side engineers, and connect to safety-critical navigation systems. A vulnerable NavBox is not just an IT problem — it's a bridge between your network and your charts.

One thing to do: If your fleet uses NAVTOR NavBox, check with your vendor or IT/OT manager whether the firmware has been updated since these disclosures. Ask specifically whether the HTTP API endpoints require authentication. If you can't get a clear answer, assume the gap exists and restrict network access to the device until you can verify.

SEA.AI published findings on 18 March 2026 showing how AI vision systems can serve as a compensating control when GNSS signals are compromised. The company's approach combines RGB and thermal cameras with deep-learning algorithms, fusing the output with radar and AIS data to give officers a picture of their immediate environment that doesn't depend on coordinate accuracy.

The framing is direct: "AI-powered vision shifts the focus from where a vessel appears to be to what actually surrounds it." Where GNSS spoofing manufactures a false position, vision-based systems detect what is physically present — other vessels, obstacles, coastlines — independently of any signal that could be manipulated. The company notes: "As GNSS spoofing, electronic interference, and data manipulation continue to rise, we see AI vision as a cornerstone of maritime resilience."

This is a maritime-specific application, not a generic AI story. The combination of thermal imaging, radar cross-referencing, and AIS validation targets the operational gap that GNSS interference creates on the bridge — where officers must make collision-avoidance decisions with unreliable position data.

Why this matters: The GNSS interference picture continues to worsen (see the Number of the Week below). Regulatory requirements for GNSS resilience are growing across IMO and EU frameworks. Technologies that provide independent situational awareness — without relying on a signal that can be jammed or spoofed — are no longer a premium option. They are a risk mitigation response to a documented, ongoing threat.

One thing to do: If you're evaluating bridge technology renewals, add a column for GNSS-independence to your assessment criteria. Ask vendors how their system performs when GPS coordinates are unreliable or absent. The answer will tell you a lot about whether the product was designed for real maritime conditions.

The NORMA Cyber Annual Threat Assessment 2026 is being launched today, 24 March, at their conference in Oslo — and we are there. The full assessment launches today. Based on findings shared via Smart Maritime Network on 2 March, the report contains several data points worth noting.

Insider risk remains the top maritime cyber threat — as we covered in Issue #2, the assessment has been signalling this since its preview. Today's launch gives the full picture. What's new in the preview is the classification of cyber espionage as a HIGH threat, alongside 45 documented instances of threat actors claiming maritime victims in 2024, a figure reported by Shipping Telegraph. These are not aspirational claims — they are tracked incidents from identified threat actor groups.

The preview findings also point to continued targeting of OT/IT boundary devices and supply chain exposure through third-party vendors — both areas where the industry has known gaps and where regulatory pressure under IMO MSC-FAL.1/Circ.3 and NIS2 is increasing.

Why this matters: The ATA is one of the few assessments built specifically on maritime intelligence rather than adapted from general enterprise threat data. When NORMA classifies something as HIGH, it means there is documented evidence of capability and intent in the maritime sector specifically. The 45 confirmed victim claims in 2024 put a number on what was previously described qualitatively.

One thing to do: Download the full ATA 2026 from NORMA Cyber's website when it goes live today. Pay particular attention to the espionage section — this is often underweighted by maritime operators who assume their operational data is not valuable to state actors. Cargo schedules, port call sequences, and charter party details are intelligence.

Browse the full list → mc3.maritime-ogmios.tech