Path traversal in Neuron Soft Golem OEE MES_CVE-2026-8464

8.3 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Description

Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths.
This issue has been fixed in version 11.6.0

Basic Information

ID CVE-2026-8464

Source CERT-PL

Published Jun 11, 2026 at 10:32

Modified Jun 11, 2026 at 12:13

Affected Product

Vendor Neuron Soft

Product Golem OEE MES

Affected Versions Neuron Soft Golem OEE MES 0

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths.\nThis issue has been fixed in version\u00a011.6.0",
    "published": "2026-06-11T10:32:23.977Z",
    "modified": "2026-06-11T12:13:26.247Z",
    "type": "cve",
    "title": "Path traversal in Neuron Soft Golem OEE MES",
    "source": "CERT-PL",
    "references": "https://www.neuron.com.pl/mes-help/mes-download.html\nhttps://cert.pl/posts/2026/06/CVE-2026-8464",
    "id": "CVE-2026-8464",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Neuron Soft Golem OEE MES 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Golem OEE MES",
    "version": "0",
    "vendor": "Neuron Soft",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}