CVE Catalog

CVE-2026-9777

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.48%

71th percentile — higher than 71% of all known CVEs

Summary

A directory traversal vulnerability in the restoreDB method of ATEN Unizon allows remote code execution. The flaw is due to improper validation of a user-supplied path before using it in file operations. Authentication is required, but the attacker can execute code in the context of SYSTEM.

Risk Assessment

The organization is at risk of complete system compromise by an authenticated attacker, potentially leading to data theft, malware installation, or service disruption.

Recommendation

Apply the update provided by ATEN for Unizon immediately. Until then, restrict system access to trusted users and monitor activity in the restoreDB method.

Original NVD description (English source)

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the restoreDB method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28578.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS