CVE-2026-9550

Name of the Vulnerable Software and Affected Versions Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0

Description A path traversal issue exists in the '/SubstationWEBV2/app/..;/main/upfile' endpoint. A remote attacker can manipulate the path argument to access files and directories outside the intended folder. Path traversal is a technique that allows an attacker to read arbitrary files on the server by using special character sequences like dot-dot-slash (../).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.