CVE Catalog

CVE-2026-9776

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.58%

72th percentile — higher than 72% of all known CVEs

Summary

A Directory Traversal vulnerability in the writeFileToHttpServletResponse method in ATEN Unizon allows remote attackers to disclose sensitive information without authentication. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations.

Risk Assessment

An attacker can read arbitrary files in the SYSTEM context, leading to the leakage of sensitive data such as passwords, configurations, or user data.

Recommendation

Update ATEN Unizon to the latest version that includes a fix for CVE-2026-9776. Until the update is applied, restrict access to the system to trusted networks only.

Original NVD description (English source)

ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability. The specific flaw exists within the writeFileToHttpServletResponse method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-28505.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS