CVE-2026-25872
Unauthenticated Path Traversal in JUNG Smart Panel KNX Firmware
Publication date: 2026-02-10
Last updated on: 2026-02-11
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jung | smart_panel_knx | up to L1.12.22 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in JUNG Smart Panel KNX firmware version L1.12.22 and earlier. It is an unauthenticated path traversal flaw in the embedded web interface: the application does not properly validate file path inputs, so remote attackers can access arbitrary files on the device's filesystem through the web server without authenticating.
As a result, attackers can potentially view sensitive system configuration files and other confidential information stored on the device.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive information by allowing attackers to access arbitrary files on the device without authentication.
Such exposure of system configuration files and sensitive data could be leveraged to further compromise the device or network, potentially leading to security breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know