Description
Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion.

This issue affects LimRAD NAC: before 5.5.7.3.9.
Published: 2026-06-11
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Limatek System Inc.'s LimRAD NAC has an unrestricted file upload vulnerability that allows an attacker to upload files of dangerous types, resulting in remote code inclusion. The flaw permits the execution of malicious code on the NAC server, compromising confidentiality, integrity, and availability of the network access control system. Classified as CWE-434, the vulnerability carries a CVSS score of 9.8, indicating a critical security risk.

Affected Systems

The affected vendor is Limatek System Inc. and the product is LimRAD NAC. Versions older than 5.5.7.3.9 are impacted. No other versions are listed.

Risk and Exploitability

The vulnerability is exploitable over the network by submitting a malicious file through the NAC’s upload interface. Although the EPSS score is not available, the high CVSS score and the remote nature of the attack suggest a significant likelihood of exploitation. The issue is not currently listed in CISA KEV, but the critical CVSS rating warrants immediate attention.

Generated by OpenCVE AI on June 11, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LimRAD NAC to version 5.5.7.3.9 or later where the upload restriction vulnerability has been fixed.
  • In the absence of an immediate upgrade, enforce strict file type validation on all upload endpoints, rejecting any dangerous file types, and configure the upload directory with no execution permissions.
  • Continuously monitor NAC logs for anomalous upload activity and coordinate with Limatek support for confirmation if a hotfix is available.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 12:45:00 +0000

Type | Values Removed | Values Added
Description | | Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9.
Title | | Unrestricted File Upload in Limatek's LimRAD NAC
Weaknesses | | CWE-434
References | |
Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-06-11T13:59:10.333Z

Reserved: 2026-05-05T11:20:30.276Z

Link: CVE-2026-7852

Vulnrichment

Updated: 2026-06-11T13:58:31.543Z

NVD

Status: Received

Published: 2026-06-11T13:16:37.460

Modified: 2026-06-11T13:16:37.460

Link: CVE-2026-7852

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T13:30:15Z

Weaknesses
  • CWE-434

    Unrestricted Upload of File with Dangerous Type