CVE-2026-9777
HighCVSS 7.2Exploitation Probability (EPSS)
Elevated risk71th percentile — higher than 71% of all known CVEs
Summary
A directory traversal vulnerability in the restoreDB method of ATEN Unizon allows remote code execution. The flaw is due to improper validation of a user-supplied path before using it in file operations. Authentication is required, but the attacker can execute code in the context of SYSTEM.
Risk Assessment
The organization is at risk of complete system compromise by an authenticated attacker, potentially leading to data theft, malware installation, or service disruption.
Recommendation
Apply the update provided by ATEN for Unizon immediately. Until then, restrict system access to trusted users and monitor activity in the restoreDB method.
Original NVD description (English source)
ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the restoreDB method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28578.

