CVE Catalog

CVE-2026-9774

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.20%

64th percentile — higher than 64% of all known CVEs

Summary

The vulnerability in the updateLicense method of ATEN Unizon software allows a remote authenticated attacker to delete arbitrary files on the system. The issue stems from the lack of proper validation of a user-supplied path before using it in file operations.

Risk Assessment

An attacker can delete critical system files, leading to denial-of-service or destabilization of the entire system.

Recommendation

Immediately update ATEN Unizon software to the latest version containing a fix for this vulnerability. Until the update is applied, restrict administrative interface access to trusted IP addresses only.

Original NVD description (English source)

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateLicense method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files or create a denial-of-service condition on the system. Was ZDI-CAN-28502.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS