CVE-2026-22905

Name of the Vulnerable Software and Affected Versions versions prior to 2026-22905

Description An unauthenticated remote attacker can bypass authentication due to insufficient URI validation. This allows exploitation through path traversal sequences, such as /js/../cgi-bin/post.cgi, to gain unauthorized access to protected CGI endpoints and configuration downloads. A path traversal attack exploits a flaw in an application's handling of user-supplied file paths, enabling attackers to access files and directories outside the intended web root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.