CVE-2026-35082 | MBS Single-A prior 6_0_0_7 ugw-logread path traversal (VDE-2026-039)

A vulnerability described as critical has been identified in MBS Single-A, Double-A Profibus, Double-A x-link, Single-X, Double-X CAN, Double-X DALI, Double-X KNX, Double-X LON, Double-X M-Bus, Double-X PROFINET, Double-X x-link, Triple-X KNX+DALI, Triple-X KNX+LON, Triple-X KNX+M-Bus, Triple-X PROFINET+DALI, Triple-X PROFINET+KNX, Triple-X PROFINET+LON and Triple-X PROFINET+M-Bus. Affected is the function ugw-logread. Such manipulation leads to path traversal.

This vulnerability is traded as CVE-2026-35082. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is recommended.

CVE-2026-35082 | MBS Single-A prior 6_0_0_7 ugw-logread path traversal (VDE-2026-039)

Post correlati

CVE-2025-61972 | AMD EPYC 9004 Processors security-sensitive hardware controls with missing lock bit protection (EUVD-2025-209812)

CVE-2024-50339 | GLPI up to 10.0.16 cross site scripting

CVE-2024-31191 | Open Networking Foundation libfluid 0.1.0 unpack out-of-bounds

CVE-2024-0323 | B&R Industrial Automation Runtime up to 14.92 FTP Server risky encryption