CVE Catalog

CVE-2026-35079

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile - higher than 29% of all known CVEs

Summary

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Risk Assessment

An attacker can delete critical system files, leading to service disruption, data loss, or complete system unavailability.

Recommendation

Immediately update the software to a version that fixes input validation in the ugw-restore method, and restrict access to this method to trusted users only.

Original NVD description (English source)

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS