CVE-2026-2328

HIGH

Backend Access Due to Insufficient Input Validation

Title source: cna
STIX 2.1

Description

An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0031
EPSS Percentile 22.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-790
Status published
Products (2)
WAGO/Device Sphere 0.0.0 - 1.2.2
WAGO/Solution Builder 0.0.0 - 2.4.2
Published Mar 30, 2026
Tracked Since Mar 30, 2026