CVE-2026-35079

Arbitrary file delete vulnerability in method ugw-restore

CVSS 7.2 HIGHEPSS 0.4%CWE-73

In short

A remote attacker with user credentials can delete any file on the system through the ugw-restore method because the system doesn't properly check what files they're trying to delete.

Technical detail

The ugw-restore method fails to validate user-supplied file paths, allowing an authenticated remote attacker to delete arbitrary files on the system. The vulnerability requires valid user privileges but lacks proper input sanitization on the file deletion parameter, resulting in potential loss of critical system or user data.

Summary generated and translated by AI from the official description.

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

MBS · Double-A Profibus MBS · Double-A x-link MBS · Double-X CAN MBS · Double-X DALI MBS · Double-X KNX MBS · Double-X LON MBS · Double-X M-Bus MBS · Double-X PROFINET MBS · Double-X x-link MBS · Single-A MBS · Single-X MBS · Triple-X KNX+DALI MBS · Triple-X KNX+LON MBS · Triple-X KNX+M-Bus MBS · Triple-X PROFINET+DALI MBS · Triple-X PROFINET+KNX MBS · Triple-X PROFINET+LON MBS · Triple-X PROFINET+M-Bus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.certvde.com/en/advisories/VDE-2026-039/