CVE-2026-25872
Awaiting Analysis Awaiting Analysis - Queue
Unauthenticated Path Traversal in JUNG Smart Panel KNX Firmware

Publication date: 2026-02-10

Last updated on: 2026-02-11

Assigner: VulnCheck

Description
JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesystem within the context of the web server. This may result in disclosure of system configuration files and other sensitive information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2026-25872
EUVD
EUVD-2026-6255
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jung smart_panel_knx to L1.12.22 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in JUNG Smart Panel KNX firmware version L1.12.22 and earlier. It is an unauthenticated path traversal flaw in the embedded web interface. This means the application does not properly validate file path inputs, allowing remote attackers who do not need to authenticate to access arbitrary files on the device's filesystem through the web server.

As a result, attackers can potentially view sensitive system configuration files and other confidential information stored on the device.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information by allowing attackers to access arbitrary files on the device without authentication.

Such exposure of system configuration files and sensitive data could be leveraged to further compromise the device or network, potentially leading to security breaches.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25872. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart