CVE-2026-2250

Name of the Vulnerable Software and Affected Versions METIS WIC devices (affected versions not specified)

Description The /dbviewer/ web endpoint is accessible without authentication, allowing a remote attacker to access and export the internal telemetry SQLite database, which contains sensitive operational data. Debug mode is enabled, resulting in verbose Django tracebacks for malformed requests. These tracebacks reveal backend source code, local file paths, and system configuration details.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.