CVE-2026-2328

HIGH

Backend Access Due to Insufficient Input Validation

Title source: cna

Description

An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.

References (1)

https://certvde.com/de/advisories/VDE-2026-010

Scores

CVSS v3 7.5

EPSS 0.0003

EPSS Percentile 9.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-790

Status published

Products (2)

WAGO/Device Sphere 0.0.0 - 1.2.2

WAGO/Solution Builder 0.0.0 - 2.4.2

Published Mar 30, 2026

Tracked Since Mar 30, 2026