CVE-2026-22905
Path Traversal Allows Authentication Bypass in CGI Endpoints
Publication date: 2026-02-09
Last updated on: 2026-02-09
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wago | 852-1328 | to 2.65 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated remote attacker to bypass authentication by exploiting insufficient URI validation combined with path traversal sequences such as /js/../cgi-bin/post.cgi.
By doing so, the attacker can gain unauthorized access to protected CGI endpoints and configuration downloads that should normally be restricted.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can access sensitive configuration data or protected CGI endpoints without any authentication.
This unauthorized access could lead to exposure of sensitive information or unauthorized changes to system configurations.
The CVSS v3.1 base score of 7.5 indicates a high severity, with the vulnerability allowing network-based attacks with low attack complexity and no privileges or user interaction required.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an unauthenticated remote attacker exploiting insufficient URI validation and path traversal sequences to access protected CGI endpoints and configuration downloads.
To detect this vulnerability on your network or system, you can monitor HTTP requests for suspicious URI patterns that include path traversal sequences such as '/../' or specifically attempts to access paths like /js/../cgi-bin/post.cgi.
Suggested commands include using network traffic analysis tools or web server logs to search for these patterns. For example, using grep on web server logs:
- grep -E '\.\./|/js/\.\./cgi-bin/post.cgi' /var/log/httpd/access_log
- Using network packet capture tools like tcpdump or Wireshark to filter HTTP requests containing path traversal sequences.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable CGI endpoints and configuration download paths, implementing proper URI validation to block path traversal sequences, and applying access controls to prevent unauthenticated access.
Since the vulnerability allows bypassing authentication via path traversal, it is critical to patch or update the affected software or firmware as soon as a fix is available.