CVE-2026-9550
Path Traversal in Acrel EEMS Cloud Platform
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| acrel | electrical_eems_enterprise_power_operation_and_maintenance_cloud_platform | 1.3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0. It is a path traversal issue in an unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. By manipulating the argument named path, an attacker can perform a path traversal attack remotely.
Path traversal vulnerabilities allow attackers to access files and directories that are stored outside the intended directory, potentially exposing sensitive information or enabling further attacks.
The exploit for this vulnerability has been publicly disclosed and can be utilized by attackers. The vendor was notified early but did not respond.
How can this vulnerability impact me?
This vulnerability can allow remote attackers to access unauthorized files on the affected system by exploiting the path traversal flaw.
Such unauthorized access can lead to exposure of sensitive information, potential system compromise, or further exploitation depending on the files accessed.
The CVSS scores indicate a medium to high severity, with impacts on confidentiality, integrity, and availability.
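For defenders reviewing web or proxy logs, the following added example (not code from the advisory or the vendor) flags requests that match the pattern described above: a `..` segment carrying a `;` path parameter in the URL path, or traversal sequences in the `path` argument. It assumes a common access-log request-line format and that the `path` argument appears in the query string; the log lines and file names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # request line in an access log

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dot_segment(value):
    """True if a /- or \\-separated segment is '..' after dropping any ';param' suffix."""
    return any(seg.split(";", 1)[0] == ".." for seg in re.split(r"[/\\]", value))

def classify(request_target):
    """Return the reasons a request target matches the pattern in this advisory."""
    parts = urlsplit(request_target)
    reasons = []
    if has_dot_segment(decode(parts.path)):
        reasons.append("dot-segment in URL path")
    # Assumption: the 'path' argument travels in the query string.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "path" and has_dot_segment(decode(value)):
            reasons.append("traversal in 'path' argument")
    return reasons

def scan(log_lines):
    """Return (request_target, reasons) for every suspicious log line."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and (reasons := classify(m.group(1))):
            hits.append((m.group(1), reasons))
    return hits

# Constructed sample log lines (documentation IP range, invented file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/May/2026:10:00:01 +0000] "GET /SubstationWEBV2/main/index HTTP/1.1" 200 512',
    '192.0.2.44 - - [26/May/2026:10:00:07 +0000] "POST /SubstationWEBV2/app/..;/main/upfile?path=../../conf/site.cfg HTTP/1.1" 200 64',
    '192.0.2.44 - - [26/May/2026:10:00:09 +0000] "POST /SubstationWEBV2/app/%2e%2e%3b/main/upfile?path=%252e%252e%252fconf HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for target, reasons in scan(SAMPLE_LOG):
        print(target, "->", ", ".join(reasons))
```

A hit only shows that a request of this shape was received; whether it succeeded has to be judged from the response status, size and the application's own logs.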