CVE Catalog

CVE-2026-46747

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) that improperly sanitizes path input in the `GET /api/sftp/uploadFiles` endpoint. This allows path traversal through crafted input, enabling access to unintended file system locations.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive data or files, potentially leading to serious security breaches.

Recommendation

It is recommended to update SINEC INS to version V1.0 SP2 Update 6 or later and implement appropriate input sanitization mechanisms.

Original NVD description (English source)

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS