CVE-2026-35081

Arbitrary process termination vulnerability in method ugw-logstop

CVSS 7.2 HIGHEPSS 0.4%CWE-20

In short

A flaw in the ugw-logstop method lets someone with basic user access stop any running process on the system by sending improper input. This could crash important services and disrupt how the system works.

Technical detail

The ugw-logstop method fails to validate user-supplied input before terminating processes, allowing an authenticated attacker to abuse the functionality to kill arbitrary processes. This requires user-level privileges and can result in denial of service or system instability by terminating critical services.

Summary generated and translated by AI from the official description.

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

MBS · Double-A Profibus MBS · Double-A x-link MBS · Double-X CAN MBS · Double-X DALI MBS · Double-X KNX MBS · Double-X LON MBS · Double-X M-Bus MBS · Double-X PROFINET MBS · Double-X x-link MBS · Single-A MBS · Single-X MBS · Triple-X KNX+DALI MBS · Triple-X KNX+LON MBS · Triple-X KNX+M-Bus MBS · Triple-X PROFINET+DALI MBS · Triple-X PROFINET+KNX MBS · Triple-X PROFINET+LON MBS · Triple-X PROFINET+M-Bus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.certvde.com/en/advisories/VDE-2026-039/