← Voltar para CVEs
CVE-2026-29522
N/ADescricao
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to information disclosure of sensitive system files.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado3/16/2026
Ultima modificacao3/17/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-22
Referencias
https://www.vulncheck.com/advisories/zwickroell-test-data-management-path-traversal-lfi(disclosure@vulncheck.com)
https://www.zwickroell.com/accessories/testxpert-testing-software/test-data-management/(disclosure@vulncheck.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.