Skip to main content

Unizon CVE-2026-9776

| EUVDEUVD-2026-39114 HIGH
Path Traversal (CWE-22)
2026-06-24 zdi GHSA-685c-hvrm-mjvc
7.5
CVSS 3.0 · Vendor: zdi
Share

Severity by source

Vendor (zdi) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from Vendor (zdi) · only source for this CVE.

CVSS VectorVendor: zdi

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 24, 2026 - 22:23 vuln.today

DescriptionCVE.org

ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the writeFileToHttpServletResponse method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-28505.

AnalysisAI

Unauthenticated information disclosure in ATEN Unizon allows remote attackers to read arbitrary files from affected installations by abusing a path-traversal weakness in the writeFileToHttpServletResponse method. Because the underlying service runs with SYSTEM privileges, an attacker can exfiltrate sensitive files including configuration, credentials, and OS-level data. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Inventory all ATEN Unizon deployments; document internet exposure and network location; enable audit logging for file access patterns. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9776 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy