PT-2026-25816 · Zwickroell Gmbh & Co. Kg · Test Data Management

Arun Pratap Singh +1 · Published 2026-03-16 · Updated 2026-05-01 · CVE-2026-29522

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions: ZwickRoell Test Data Management versions prior to 3.0.8

Description: The software contains a local file inclusion issue in the /server/node upgrade srv.js endpoint. An attacker can provide directory traversal sequences through the firmware parameter to access arbitrary files on the server, potentially disclosing sensitive system files.

Recommendations: Update to version 3.0.8 or later.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-29522

Affected Products

Test Data Management