CVE-2026-8215
MEDIUMIndustrial Application Software IAS Canias ERP RMI iasRequestFileEvent path traversal
Title source: cnaDescription
A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument m_strSourceFileName causes path traversal. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
References (5)
Core 5
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-362432 | Industrial Application Software IAS Canias ERP RMI iasRequestFileEvent path traversal
https://vuldb.com/vuln/362432
Signature, Permissions Required signature
permissions-required
VDB-362432 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/362432/cti
Third Party Advisory third-party-advisory
Submit #808242 | Industrial Application Software - IAS Canias ERP 8.03-- Directory traversal / Arbitrary file read
https://vuldb.com/submit/808242
Related related
https://hawktrace.com/blog/caniaserp/
Exploit broken-link
exploit
https://gist.github.com/0xb1lal/3885c69998516685e3ea833403b9db2b
Scores
CVSS v3
5.3
EPSS
0.0055
EPSS Percentile
41.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
Industrial Application Software IAS/Canias ERP
8.03
Published
May 10, 2026
Tracked Since
May 10, 2026