CVE Catalog
CVE-2026-35082
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk0.49%
39th percentile - higher than 39% of all known CVEs
Summary
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
Risk Assessment
An attacker can read sensitive system files such as configurations, passwords, or user data, leading to confidentiality breaches and potential privilege escalation.
Recommendation
Immediately update the software to a patched version and implement input validation for the ugw-logread method.
Original NVD description (English source)
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.

