{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22905", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2026-01-13T08:33:25.684Z", "datePublished": "2026-02-09T07:40:17.801Z", "dateUpdated": "2026-02-09T15:33:33.687Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "0852-1322", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "2.64", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "0852-1328", "vendor": "WAGO", "versions": [{"lessThanOrEqual": "2.64", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "0852-1322", "vendor": "WAGO", "versions": [{"status": "affected", "version": "2.64"}]}, {"defaultStatus": "unaffected", "product": "0852-1328", "vendor": "WAGO", "versions": [{"status": "affected", "version": "2.64"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diconium"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.<br>"}], "value": "An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-02-09T07:40:17.801Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-004"}], "source": {"advisory": "VDE-2026-004", "defect": ["CERT@VDE#641934"], "discovery": "UNKNOWN"}, "title": "Authentication Bypass via URI Traversal", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T15:33:12.951248Z", "id": "CVE-2026-22905", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:33:33.687Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22905", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-09T15:33:12.951248Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:33:24.758Z"}}], "cna": {"title": "Authentication Bypass via URI Traversal", "source": {"defect": ["CERT@VDE#641934"], "advisory": "VDE-2026-004", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Diconium"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WAGO", "product": "0852-1322", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "2.64"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "0852-1328", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "2.64"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "0852-1322", "versions": [{"status": "affected", "version": "2.64"}], "defaultStatus": "unaffected"}, {"vendor": "WAGO", "product": "0852-1328", "versions": [{"status": "affected", "version": "2.64"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-004"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.", "supportingMedia": [{"type": "text/html", "value": "An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-02-09T07:40:17.801Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22905", "state": "PUBLISHED", "dateUpdated": "2026-02-09T15:33:33.687Z", "dateReserved": "2026-01-13T08:33:25.684Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2026-02-09T07:40:17.801Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads."}, {"lang": "es", "value": "Un atacante remoto no autenticado puede eludir la autenticaci\u00f3n explotando una validaci\u00f3n de URI insuficiente y utilizando secuencias de salto de ruta (p. ej., /js/../cgi-bin/post.cgi), obteniendo acceso no autorizado a puntos finales CGI protegidos y descargas de configuraci\u00f3n."}], "id": "CVE-2026-22905", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2026-02-09T08:16:11.560", "references": [{"source": "info@cert.vde.com", "url": "https://certvde.com/de/advisories/VDE-2026-004"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,2.64]"}}], "product": "0852-1322", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.64"}}], "product": "0852-1322", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,2.64]"}}], "product": "0852-1328", "vendor": "wago"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.64"}}], "product": "0852-1328", "vendor": "wago"}], "analysis": {"en": {"generated_at": "2026-04-17T21:31:57.382343+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s latest firmware update that fixes URI validation and prevents path traversal.", "If a patch is not yet available, restrict network connectivity to the device\u2019s management interface to trusted IP ranges or use a firewall to block unauthenticated traffic.", "Disable or remove unused CGI endpoints and enforce strict authentication on all remaining web services.", "Monitor access logs for unusual URI patterns such as '/../' sequences and investigate promptly."], "summary": {"action": "Patch Immediately", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "The vulnerability affects WAGO devices in the 0852\u20111322 and 0852\u20111328 series. No specific firmware or revision numbers are listed, so all current deployments of these series are potentially impacted.", "description_and_impact": "An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and employing path traversal sequences such as /js/../cgi-bin/post.cgi, which allows unauthorized access to protected CGI endpoints and configuration downloads. This flaw can lead to the exposure of sensitive configuration data and potentially to unauthorized manipulation of device settings, posing a significant security risk.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity vulnerability, and the EPSS score of less than\u00a01% shows a very low exploitation probability at present. The flaw is not listed in the CISA KEV catalog. The likely attack vector is remote, unauthenticated, and requires the attacker to send a specially crafted request to the device\u2019s web interface, bypassing authentication and accessing configuration resources."}}}}, "created": "2026-02-10T12:23:49.901464+00:00", "updated": "2026-04-17T21:45:28.602544+00:00", "vendors": ["wago", "wago$PRODUCT$0852-1322", "wago$PRODUCT$0852-1328"]}