CVE Catalog

CVE-2026-35076

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile - higher than 29% of all known CVEs

Summary

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Risk Assessment

An attacker could delete critical system or configuration files, potentially causing service disruption, data loss, or privilege escalation.

Recommendation

Immediately update the software to a patched version and implement input validation for the bac-scanresult method.

Original NVD description (English source)

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS