CVE-2026-8736

Name of the Vulnerable Software and Affected Versions Oinone Pamirs versions prior to 7.2.0

Description A path traversal flaw exists in the RestController component within the LocalFileClient.java file. The issue occurs in the request.getParameter() function when the uniqueFileName argument is manipulated, allowing an attacker with physical access to the device to perform path traversal.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the uniqueFileName argument within the request.getParameter() function of the RestController component.