Description
Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
Published: 2026-01-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote File Read
Action: Immediate Patch
AI Analysis

Impact

Statistics Database System by Gotac includes a vulnerability that allows unauthenticated remote attackers to perform relative path traversal and read arbitrary system files. This can expose sensitive configuration data, credentials, or other private information if the files are accessible. The flaw is a classic path traversal flaw (CWE‑23).

Affected Systems

Gotac:Statistics Database System versions earlier than 1.0.4 are affected. All deployments of the product before the 1.0.4 release are considered vulnerable.

Risk and Exploitability

The CVSS score is 8.7, indicating high severity. The EPSS score of less than 1% indicates a low likelihood of exploitation seen in the public record; however, because the attack requires no authentication, interested adversaries may attempt the exploit. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 18, 2026 at 05:50 UTC.

Remediation

Vendor Solution

Update to version 1.0.4 or later.

OpenCVE Recommended Actions

  • Update the Statistics Database System to version 1.0.4 or later.
  • If the update cannot be applied immediately, restrict remote access to the affected service by configuring firewall rules or NAT to allow only trusted IP addresses.
  • Validate and sanitize all user‑supplied file path inputs to prevent relative path traversal, ensuring that file operations are confined to the intended directory.

Generated by OpenCVE AI on April 18, 2026 at 05:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 23 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Gotac statistics Database System
CPEs cpe:2.3:a:gotac:statistics_database_system:*:*:*:*:*:*:*:*
Vendors & Products Gotac statistics Database System

Fri, 16 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Gotac
Gotac statistical Database System
Vendors & Products Gotac
Gotac statistical Database System
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 04:00:00 +0000

Type Values Removed Values Added
Description Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
Title Gotac|Statistics Database System - Arbitrary File Read
Weaknesses CWE-23
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Gotac Statistical Database System Statistics Database System
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-01-16T14:04:31.040Z

Reserved: 2026-01-16T02:00:25.475Z

Link: CVE-2026-1022

cve-icon Vulnrichment

Updated: 2026-01-16T14:04:26.643Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-16T04:15:49.113

Modified: 2026-01-23T20:23:02.100

Link: CVE-2026-1022

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T06:00:08Z

Weaknesses