Wago Device Sphere vulnerabilities

CVE-2026-2328 [HIGH] CWE-790 CVE-2026-2328: An unauthenticated remote attacker can exploit insufficient input validation to access backend compo An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.

CVE-2025-41715 [CRITICAL] CWE-306 CVE-2025-41715: The database for the web application is exposed without authentication, allowing an unauthenticated The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.