CVE-2026-24464
MediumCVSS 6.8Exploitation Probability (EPSS)
Elevated risk55th percentile - higher than 55% of all known CVEs
Summary
In Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint. It allows an authenticated attacker with administrator role privileges to cross a security boundary and delete files.
Risk Assessment
The risk involves unauthorized deletion of critical system files by an administrator, potentially compromising system integrity and causing service disruption.
Recommendation
Immediately update to a software version containing the fix for this vulnerability and restrict access to the iControl REST interface to trusted administrators only.
Original NVD description (English source)
When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

