CVE Catalog
CVE-2026-35076
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk0.37%
29th percentile - higher than 29% of all known CVEs
Summary
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
Risk Assessment
An attacker could delete critical system or configuration files, potentially causing service disruption, data loss, or privilege escalation.
Recommendation
Immediately update the software to a patched version and implement input validation for the bac-scanresult method.
Original NVD description (English source)
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

