Backend Access Due to Insufficient Input Validation_CVE-2026-2328

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.

Basic Information

ID CVE-2026-2328

Source CERTVDE

Published Mar 30, 2026 at 06:55

Modified Mar 30, 2026 at 18:08

Affected Product

Vendor WAGO

Product Device Sphere

Version 0.0.0

Affected Versions WAGO Device Sphere 0.0.0
WAGO Solution Builder 0.0.0

CWE Classification

CWE-790

References

certvde.com /de/advisories/VDE-2026-010

{
    "lastseen": "",
    "description": "An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.",
    "published": "2026-03-30T06:55:31.424Z",
    "modified": "2026-03-30T18:08:02.801Z",
    "type": "cve",
    "title": "Backend Access Due to Insufficient Input Validation",
    "source": "CERTVDE",
    "references": "https://certvde.com/de/advisories/VDE-2026-010",
    "id": "CVE-2026-2328",
    "bulletinFamily": "",
    "cwe": [
        "CWE-790"
    ],
    "cvelist": null,
    "sourceData": "WAGO Device Sphere 0.0.0\nWAGO Solution Builder 0.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Device Sphere",
    "version": "0.0.0",
    "vendor": "WAGO",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}