Skip to main content

Oinone Pamirs CVE-2026-8736

| EUVD-2026-30685 LOW
Path Traversal (CWE-22)
2026-05-17 VulDB GHSA-frwq-5cw2-vg5w
Java Path Traversal
0.9
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 17, 2026 - 07:29 vuln.today
Severity Changed
May 17, 2026 - 07:22 NVD
MEDIUM LOW
CVSS changed
May 17, 2026 - 07:22 NVD
4.1 (MEDIUM) 0.9 (LOW)

DescriptionNVD

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be carried out on the physical device. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Path traversal in Oinone Pamirs versions up to 7.2.0 allows authenticated local attackers with physical device access to read, write, or delete arbitrary files via manipulated uniqueFileName parameter in LocalFileClient.java RestController endpoint. Publicly available exploit code exists (GitHub POC published). …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-8736 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy