CVE Catalog

CVE-2026-24464

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.89%

55th percentile - higher than 55% of all known CVEs

Summary

In Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint. It allows an authenticated attacker with administrator role privileges to cross a security boundary and delete files.

Risk Assessment

The risk involves unauthorized deletion of critical system files by an administrator, potentially compromising system integrity and causing service disruption.

Recommendation

Immediately update to a software version containing the fix for this vulnerability and restrict access to the iControl REST interface to trusted administrators only.

Original NVD description (English source)

When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS