CVE-2026-22625
Unknown
Unknown - Not Provided
Information Disclosure via Improper Filename Handling in HIKSEMI NAS
Publication date: 2026-01-30
Last updated on: 2026-02-27
Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.
Description
Description
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hiksemi | nas | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper handling of filenames in certain HIKSEMI NAS products, which may lead to the exposure of sensitive system files.
How can this vulnerability impact me? :
The vulnerability can impact you by exposing sensitive system files, potentially allowing unauthorized parties to access confidential information stored on the affected NAS devices.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70