CVE-2026-22905
published 2026-02-09CVE-2026-22905: An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g.…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wago | 0852-1322 | — | — |
| wago | 0852-1322 | 0.0.0 – 2.64 | — |
| wago | 0852-1328 | — | — |
| wago | 0852-1328 | 0.0.0 – 2.64 | — |