Description
The 
iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories,  resulting in data destruction or service disruption.
Published: 2026-06-12
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in IEI Integration Corp's iVEC-IEI Virtualization Edge Computer allows an authenticated remote attacker to request deletion of arbitrary system files or directories. This flaw can result in permanent data loss, corruption of critical files, and interruption of system services, thereby directly affecting the integrity and availability of the affected environment.

Affected Systems

Affected systems include the iVEC TANK-XM811 product line from IEI Integration Corp. No specific firmware or hardware revision numbers are listed in the advisory, so every installed instance of the iVEC TANK-XM811 is potentially vulnerable unless a later security fix has been applied.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity, while the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, meaning the public exploitation likelihood is currently uncertain. The attack requires prior authenticated remote access, so the risk is limited to environments that expose remote management interfaces. In the absence of a patch, mitigations such as enforcing strict role-based access control on delete operations, disabling the file‑deletion feature, and monitoring for unexpected deletions can reduce risk.

Generated by OpenCVE AI on June 12, 2026 at 10:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any firmware or software patch released by IEI Integration Corp that addresses the arbitrary file‑deletion flaw.
  • Configure role‑based access controls so that only trusted administrative roles have permission to delete system files or directories, thereby eliminating the possibility of unauthorized deletions.
  • Deploy file‑integrity monitoring and alerting to detect and respond quickly to unexpected deletion events.

Generated by OpenCVE AI on June 12, 2026 at 10:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Iei Integration Corp
Iei Integration Corp ivec Tank-xm811
Vendors & Products Iei Integration Corp
Iei Integration Corp ivec Tank-xm811

Fri, 12 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
Description The  iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories,  resulting in data destruction or service disruption.
Title IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Deletion
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Iei Integration Corp Ivec Tank-xm811
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-06-12T10:54:07.905Z

Reserved: 2026-06-10T07:50:58.661Z

Link: CVE-2026-11846

cve-icon Vulnrichment

Updated: 2026-06-12T10:53:47.709Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T10:16:21.757

Modified: 2026-06-12T16:00:18.860

Link: CVE-2026-11846

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:20:48Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')