A vulnerability classified as critical has been found in Oinone Pamirs up to 7.2.0. It affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Manipulating the argument uniqueFileName results in path traversal.

This vulnerability was named CVE-2026-8736. The attack may be carried out on the physical device. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.
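
With no vendor response, operators have to add the containment check themselves wherever a request parameter such as uniqueFileName is turned into a file path. The following is an added example, not code from the advisory or from Oinone Pamirs: the class name `SafeFileResolver` and the storage directory are hypothetical, and only the parameter name is taken from the text above.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Added illustration, not Oinone Pamirs code. SafeFileResolver and the storage
// directory are hypothetical; only the parameter name comes from the advisory.
public class SafeFileResolver {
    private final Path baseDir;

    public SafeFileResolver(Path baseDir) throws IOException {
        // Resolve symlinks in the base once so later prefix checks compare like with like.
        this.baseDir = baseDir.toRealPath();
    }

    // Maps a client-supplied uniqueFileName to a path inside baseDir, or throws.
    public Path resolve(String uniqueFileName) {
        if (uniqueFileName == null || uniqueFileName.isEmpty()) {
            throw new IllegalArgumentException("uniqueFileName is required");
        }
        Path candidate;
        try {
            // normalize() collapses "." and ".." segments before the containment check.
            candidate = baseDir.resolve(uniqueFileName).normalize();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("uniqueFileName is not a valid path", e);
        }
        // Path.startsWith compares whole path elements, so a sibling such as
        // "<base>-other" does not pass, and absolute inputs replace the base and fail.
        if (candidate.equals(baseDir) || !candidate.startsWith(baseDir)) {
            throw new IllegalArgumentException("uniqueFileName escapes the storage directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        SafeFileResolver resolver = new SafeFileResolver(Files.createTempDirectory("uploads"));
        // Constructed sample values for the parameter.
        String[] samples = {"report.pdf", "a/../report.pdf", "../outside.txt", "/etc/hostname"};
        for (String s : samples) {
            try {
                System.out.println("accepted: " + s + " -> " + resolver.resolve(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check is lexical: if symlinks can exist inside the storage directory, also call `toRealPath()` on the resolved file before opening it and repeat the `startsWith` comparison.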