CVE-2026-28701

CRITICAL

Daktronics Controller Firmware Path Traversal

Title source: cna
STIX 2.1

Description

Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.

Scores

CVSS v3 9.8
EPSS 0.0084
EPSS Percentile 53.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-22
Status published
Products (9)
Daktronics/DMP-5000 < v10.34.x.x
Daktronics/DMP-5000 < v8.117.x.x
Daktronics/DMP-5000 < v9.43.x.x
Daktronics/DMP-8000 < v10.34.x.x
Daktronics/DMP-8000 < v8.117.x.x
Daktronics/DMP-8000 < v9.43.x.x
Daktronics/VFC-DMP-5000 < v10.34.x.x
Daktronics/VFC-DMP-5000 < v8.117.x.x
Daktronics/VFC-DMP-5000 < v9.43.x.x
Published Jun 26, 2026
Tracked Since Jun 27, 2026