{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29522", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-04T15:39:26.873Z", "datePublished": "2026-03-16T20:46:49.771Z", "dateUpdated": "2026-03-17T13:36:22.871Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-16T20:46:49.771Z"}, "title": "ZwickRoell Test Data Management < 3.0.8 Path Traversal LFI", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "affected": [{"vendor": "ZwickRoell GmbH & Co. KG", "product": "Test Data Management", "versions": [{"status": "affected", "version": "0", "lessThan": "3.0.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "ZwickRoell Test Data Management versions prior to\u00a03.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to information disclosure of sensitive system files.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "ZwickRoell Test Data Management versions prior to&nbsp;3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to information disclosure of sensitive system files.<br>"}]}], "references": [{"url": "https://www.zwickroell.com/accessories/testxpert-testing-software/test-data-management/", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/zwickroell-test-data-management-path-traversal-lfi", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Arun Pratap Singh and Mayuresh Dani of Qualys", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T13:36:15.515789Z", "id": "CVE-2026-29522", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:36:22.871Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29522", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T13:36:15.515789Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:36:19.790Z"}}], "cna": {"title": "ZwickRoell Test Data Management < 3.0.8 Path Traversal LFI", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Arun Pratap Singh and Mayuresh Dani of Qualys"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ZwickRoell GmbH & Co. KG", "product": "Test Data Management", "versions": [{"status": "affected", "version": "0", "lessThan": "3.0.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.zwickroell.com/accessories/testxpert-testing-software/test-data-management/", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/zwickroell-test-data-management-path-traversal-lfi", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "ZwickRoell Test Data Management versions prior to\u00a03.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to information disclosure of sensitive system files.", "supportingMedia": [{"type": "text/html", "value": "ZwickRoell Test Data Management versions prior to&nbsp;3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to information disclosure of sensitive system files.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-16T20:46:49.771Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29522", "state": "PUBLISHED", "dateUpdated": "2026-03-17T13:36:22.871Z", "dateReserved": "2026-03-04T15:39:26.873Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-16T20:46:49.771Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ZwickRoell Test Data Management versions prior to\u00a03.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to information disclosure of sensitive system files."}, {"lang": "es", "value": "Las versiones de ZwickRoell Test Data Management anteriores a la 3.0.8 contienen una vulnerabilidad de inclusi\u00f3n local de ficheros (LFI) en el endpoint /server/node_upgrade_srv.js. Un atacante no autenticado puede proporcionar secuencias de salto de directorio a trav\u00e9s del par\u00e1metro firmware para acceder a ficheros arbitrarios en el servidor, lo que lleva a la revelaci\u00f3n de informaci\u00f3n de ficheros de sistema sensibles."}], "id": "CVE-2026-29522", "lastModified": "2026-05-01T15:23:27.150", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-16T21:16:33.717", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/zwickroell-test-data-management-path-traversal-lfi"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zwickroell.com/accessories/testxpert-testing-software/test-data-management/"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,3.0.8)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Test Data Management", "source": "cna", "vendor": "ZwickRoell GmbH & Co. KG"}, "product": "test_data_management", "vendor": "zwickroell"}], "analysis": {"en": {"generated_at": "2026-03-16T22:50:47.535436+00:00", "value": {"mitigation_remediation": ["Upgrade Test Data Management to version 3.0.8 or later."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "All installations of ZwickRoell GmbH & Co. KG Test Data Management running a version earlier than 3.0.8. No specific sub\u2011versions are listed beyond the <3.0.8 cutoff.", "description_and_impact": "ZwickRoell Test Data Management versions prior to 3.0.8 have a local file inclusion flaw in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to read arbitrary files from the server. This can reveal sensitive system files, exposing confidential information and potentially enabling further compromise. The vulnerability is identified as CWE-22 and scored with a CVSS score of 8.7, indicating high severity.", "risk_and_exploitability": "The CVSS score signals a high risk of exploitation. Although the EPSS score is not available and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, the lack of authentication requirement and the ability to read arbitrary files make exploitation highly plausible for an attacker with network access to the server. The attack vector is likely remote or local within the network, and successful exploitation could lead to full information disclosure of critical system files."}}}}, "created": "2026-03-17T09:52:07.117138+00:00", "updated": "2026-03-24T10:49:46.467243+00:00", "vendors": ["zwickroell", "zwickroell$PRODUCT$test_data_management"]}