CVE-2026-36848
HIGH
Gigamon GVOS <= 5.16.1 - Directory Traversal in H-VUE Subsystem
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2026-36848. PoCs published by calligraf0.
AI-analyzed exploit summary
The repository contains a functional Python exploit for CVE-2026-36848, demonstrating unauthenticated path traversal in GigaVUE-OS. It allows arbitrary file read/write operations via crafted HTTP requests to the vulnerable `/upload` and `/download` endpoints, with additional functionality to drop a bind shell via cron job manipulation.
Description
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N