Description
Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths. This issue has been fixed in version 11.6.0
References (2)
Core 2
Core References
Release Notes release-notes
https://www.neuron.com.pl/mes-help/mes-download.html
Third Party Advisory third-party-advisory
https://cert.pl/posts/2026/06/CVE-2026-8464
Scores
CVSS v4
8.3
EPSS
0.0020
EPSS Percentile
10.4%
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
Neuron Soft/Golem OEE MES
< 11.6.0
Published
Jun 11, 2026
Tracked Since
Jun 11, 2026