Skip to main content

CVE-2026-22876

MEDIUM
Path Traversal (CWE-22)
2026-01-16 vultures@jpcert.or.jp
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 16, 2026 - 09:16 nvd
MEDIUM 6.5

DescriptionCVE.org

Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If this vulnerability is exploited, arbitrary files on the affected product may be retrieved by a logged-in user with the low("monitoring user") or higher privilege.

AnalysisAI

TOA Corporation TRIFORA 3 series network cameras contain a path traversal vulnerability that allows authenticated users with monitoring privileges or higher to read arbitrary files from the device. An attacker with valid credentials can exploit this flaw to access sensitive information stored on the affected cameras. No patch is currently available for this vulnerability.

Technical ContextAI

Classified as CWE-22 (Path Traversal). Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If this vulnerability is exploited, arbitrary files on the affected product may be retrieved by a logged-in user with the low("monitoring user") or higher privilege.

Affected ProductsAI

Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation

RemediationAI

Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.

Share

CVE-2026-22876 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy