Oinone Pamirs RestController LocalFileClient.java request.getParameter path traversal_CVE-2026-8736

2.4 / 10

LOW

CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be carried out on the physical device. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-8736

Source VulDB

Published May 17, 2026 at 06:15

Affected Product

Vendor Oinone

Product Pamirs

Version 7.0

Affected Versions Oinone Pamirs 7.0
Oinone Pamirs 7.1
Oinone Pamirs 7.2.0

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be carried out on the physical device. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-05-17T06:15:08.813Z",
    "modified": "2026-05-17T06:15:08.813Z",
    "type": "cve",
    "title": "Oinone Pamirs RestController LocalFileClient.java request.getParameter path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/364324\nhttps://vuldb.com/vuln/364324/cti\nhttps://vuldb.com/submit/809889\nhttps://github.com/SourByte05/SourByte-Lab/issues/14",
    "id": "CVE-2026-8736",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Oinone Pamirs 7.0\nOinone Pamirs 7.1\nOinone Pamirs 7.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 2.4,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pamirs",
    "version": "7.0",
    "vendor": "Oinone",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}