CVE Catalog

CVE-2026-35082

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.49%

39th percentile - higher than 39% of all known CVEs

Summary

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.

Risk Assessment

An attacker can read sensitive system files such as configurations, passwords, or user data, leading to confidentiality breaches and potential privilege escalation.

Recommendation

Immediately update the software to a patched version and implement input validation for the ugw-logread method.

Original NVD description (English source)

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS