CVE-2026-5434
Path Traversal in Honeywell Control Network Module
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: Honeywell International Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| honeywell | control_network_module | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-538 | The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the Honeywell Control Network Module (CNM) where sensitive information can be inserted into an unintended directory. An attacker could exploit this by probing system files, which may lead to unintended access to protected data.
How can this vulnerability impact me? :
This vulnerability could allow an attacker to gain unintended access to sensitive or protected data by exploiting the insertion of sensitive information into unintended directories. This could compromise the confidentiality of your data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in Honeywell Control Network Module (CNM) involves insertion of sensitive information into an unintended directory, which could lead to unintended access to protected data. This type of data exposure could potentially impact compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding sensitive information and preventing unauthorized access.
However, the provided context and resources do not explicitly discuss the impact of this vulnerability on compliance with specific standards or regulations.