Vulnerabilities

CVE-2026-29522

by Fred · 16/03/2026

ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to information disclosure of sensitive system files.

More information : https://www.vulncheck.com/advisories/zwickroell-test-data-management-path-traversal-lfi

Similar

Tags: Cybersecurity Alert