CVE-2026-2328

| EUVD-2026-17064 HIGH
2026-03-30 CERTVDE
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 30, 2026 - 07:30 vuln.today
EUVD ID Assigned
Mar 30, 2026 - 07:30 euvd
EUVD-2026-17064
CVE Published
Mar 30, 2026 - 06:55 nvd
HIGH 7.5

Tags

Path Traversal

Description

An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.

Analysis

Path traversal in WAGO Device Sphere and Solution Builder allows unauthenticated remote attackers to access backend components and expose sensitive information. The vulnerability stems from insufficient input validation (CWE-790), enabling attackers to bypass intended access boundaries with low complexity over network vectors. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all WAGO Device Sphere and Solution Builder installations and document versions in use; implement network segmentation to restrict access to these systems from untrusted networks. Within 7 days: Deploy a WAF or reverse proxy with path traversal protections (block sequences like ../ and encoded variants); conduct vulnerability scanning to identify if systems have been accessed. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Share

CVE-2026-2328 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy