{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25872", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-06T19:12:03.464Z", "datePublished": "2026-02-10T22:25:56.349Z", "dateUpdated": "2026-05-11T23:11:17.830Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "JUNG Smart Panel 5.1 KNX", "vendor": "ALBRECHT JUNG GMBH & CO. KG", "versions": [{"lessThanOrEqual": "L1.12.22", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gjoko Krstic of Zero Science Lab"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesystem within the context of the web server. This may result in disclosure of system configuration files and other sensitive information."}], "value": "JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesystem within the context of the web server. This may result in disclosure of system configuration files and other sensitive information."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-11T23:11:17.830Z"}, "references": [{"tags": ["technical-description", "exploit"], "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5969.php"}, {"tags": ["product"], "url": "https://www.jung-group.com/"}, {"tags": ["product"], "url": "https://downloads.jung.de/public/en/pdf/productdocumentation/en_sp5.1knx_09012015.pdf"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/jung-smart-panel-knx-unauthenticated-path-traversal"}], "source": {"discovery": "UNKNOWN"}, "title": "JUNG Smart Panel 5.1 KNX Unauthenticated Path Traversal", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-11T21:18:48.756919Z", "id": "CVE-2026-25872", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T21:18:58.292Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25872", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-11T21:18:48.756919Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T21:18:54.208Z"}}], "cna": {"title": "JUNG Smart Panel 5.1 KNX Unauthenticated Path Traversal", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Gjoko Krstic of Zero Science Lab"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ALBRECHT JUNG GMBH & CO. KG", "product": "JUNG Smart Panel 5.1 KNX", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "L1.12.22"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5969.php", "tags": ["technical-description", "exploit"]}, {"url": "https://www.jung-group.com/", "tags": ["product"]}, {"url": "https://downloads.jung.de/public/en/pdf/productdocumentation/en_sp5.1knx_09012015.pdf", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/jung-smart-panel-knx-unauthenticated-path-traversal", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesystem within the context of the web server. This may result in disclosure of system configuration files and other sensitive information.", "supportingMedia": [{"type": "text/html", "value": "JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesystem within the context of the web server. This may result in disclosure of system configuration files and other sensitive information.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-02-10T22:26:48.970Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25872", "state": "PUBLISHED", "dateUpdated": "2026-02-11T21:18:58.292Z", "dateReserved": "2026-02-06T19:12:03.464Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-02-10T22:25:56.349Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesystem within the context of the web server. This may result in disclosure of system configuration files and other sensitive information."}, {"lang": "es", "value": "Las versiones L1.12.22 y anteriores del firmware de JUNG Smart Panel KNX contienen una vulnerabilidad de salto de ruta no autenticada en la interfaz web incrustada. La aplicaci\u00f3n no valida correctamente la entrada de la ruta de archivo, permitiendo a atacantes remotos no autenticados acceder a archivos arbitrarios en el sistema de archivos subyacente dentro del contexto del servidor web. Esto puede resultar en la divulgaci\u00f3n de archivos de configuraci\u00f3n del sistema y otra informaci\u00f3n sensible."}], "id": "CVE-2026-25872", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-02-10T23:16:16.473", "references": [{"source": "disclosure@vulncheck.com", "url": "https://downloads.jung.de/public/en/pdf/productdocumentation/en_sp5.1knx_09012015.pdf"}, {"source": "disclosure@vulncheck.com", "url": "https://www.jung-group.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/jung-smart-panel-knx-unauthenticated-path-traversal"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5969.php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,L1.12.22]"}}], "product": "jung_smart_panel_5.1_knx", "vendor": "albrecht_jung"}], "analysis": {"en": {"generated_at": "2026-04-18T12:42:14.595199+00:00", "value": {"mitigation_remediation": ["Update the device firmware to a newer version that includes the fix, if available.", "If no patch exists, disable or remove the web interface to eliminate the attack surface.", "Restrict external access to the device\u2019s HTTP port using firewall rules or network segmentation to limit attackers\u2019 ability to reach the vulnerable interface."], "summary": {"action": "Apply Patch", "impact": "Remote File Disclosure"}, "threat_synthesis": {"affected_systems": "Vendors: ALBRECHT JUNG GMBH & CO. KG; Product: JUNG Smart Panel 5.1 KNX; Affected firmware versions: L1.12.22 and prior.", "description_and_impact": "The vulnerability exists in the embedded web interface of JUNG Smart Panel 5.1 KNX firmware L1.12.22 and earlier. The application does not validate file path input, enabling an attacker to supply a specially crafted URL that traverses directories and reads arbitrary files. An attacker can read configuration files and other sensitive data stored on the device\u2019s underlying filesystem, potentially revealing credentials, network topology, or other confidential information. The weakness is a classic path traversal flaw (CWE-22).", "risk_and_exploitability": "The CVSS base score is 6.9, indicating moderate severity. EPSS evaluates the likelihood of exploitation as less than 1%, meaning that while exploitation is technically feasible, it is considered rare at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, and no public exploit has been confirmed. Attackers would need remote network access to the device\u2019s web interface and no authentication is required, which increases the ease of exploitation. Overall, the risk is moderate but increases if the device is exposed to untrusted networks."}}}}, "created": "2026-02-11T21:46:23.659412+00:00", "updated": "2026-04-18T12:45:45.674903+00:00", "vendors": ["albrecht_jung", "albrecht_jung$PRODUCT$jung_smart_panel_5.1_knx"]}