Description
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.
Published: 2026-03-30
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated remote path traversal exposing sensitive backend information
Action: Check for Patch
AI Analysis

Impact

An unauthenticated attacker can use insufficient input validation to perform a path traversal that reaches backend components beyond the intended boundaries. The flaw allows reading files and data that should be protected, leading to the exposure of sensitive information.

Affected Systems

The affected products are WAGO Device Sphere and WAGO Solution Builder. Version data is not provided, so any installation of these products should be considered potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. The description specifies a remote, unauthenticated attacker, so the attack vector is inferred to be network based. No explicit exploitation examples are disclosed, but the high severity score signals significant risk if the flaw remains unpatched.

Generated by OpenCVE AI on March 30, 2026 at 08:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the WAGO website or vendor portal for a patch or service pack that addresses the path traversal issue
  • Apply the vendor‑supplied fix as soon as it becomes available
  • If a fix has not been released, restrict network access to the Device Sphere and Solution Builder instances by firewalling or isolating them from untrusted networks
  • Monitor logs and network traffic for abnormal path traversal attempts or unauthorized backend access

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Wago, Wago device Sphere, Wago solution Builder |
| Vendors & Products | | Wago, Wago device Sphere, Wago solution Builder |

Mon, 30 Mar 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 30 Mar 2026 07:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information. |
| Title | | Backend Access Due to Insufficient Input Validation |
| Weaknesses | | CWE-790 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-03-30T18:08:02.801Z

Reserved: 2026-02-11T08:12:03.792Z

Link: CVE-2026-2328

Vulnrichment

Updated: 2026-03-30T18:07:47.137Z

NVD

Status: Awaiting Analysis

Published: 2026-03-30T08:16:17.210

Modified: 2026-03-30T13:26:07.647

Link: CVE-2026-2328

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:41:14Z

Weaknesses