CVE-2026-36829

Name of the Vulnerable Software and Affected Versions Panabit PAP-XM320 versions prior to 7.8

Description An authentication bypass exists in the embedded HTTP server. The server validates session cookies by performing a filesystem existence check based on a user-controlled cookie value. Due to a lack of proper sanitization, this process allows directory traversal, enabling an attacker to bypass authentication.

Recommendations Update to a version later than 7.7.