Zwickroell Gmbh & Co. Kg · Test Data Management · CVE-2026-29522
**Name of the Vulnerable Software and Affected Versions**
ZwickRoell Test Data Management versions prior to 3.0.8
**Description**
The software contains a local file inclusion issue in the `/server/node upgrade srv.js` endpoint. An attacker can provide directory traversal sequences through the `firmware` parameter to access arbitrary files on the server, potentially disclosing sensitive system files.
**Recommendations**
Update to version 3.0.8 or later.