CVE-2026-9550
Deferred Deferred - Pending Action
Path Traversal in Acrel EEMS Cloud Platform

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: VulDB

Description
A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-26
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-9550
EUVD
EUVD-2026-31825
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
acrel electrical_eems_enterprise_power_operation_and_maintenance_cloud_platform 1.3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0. It involves a path traversal issue in an unknown functionality related to the file /SubstationWEBV2/app/..;/main/upfile. By manipulating the argument path, an attacker can perform a path traversal attack remotely.

Path traversal vulnerabilities allow attackers to access files and directories that are stored outside the intended directory, potentially exposing sensitive information or enabling further attacks.

The exploit for this vulnerability has been publicly disclosed and can be utilized by attackers. The vendor was notified early but did not respond.

Impact Analysis

This vulnerability can allow remote attackers to access unauthorized files on the affected system by exploiting the path traversal flaw.

Such unauthorized access can lead to exposure of sensitive information, potential system compromise, or further exploitation depending on the files accessed.

The CVSS scores indicate a medium to high severity, with impacts on confidentiality, integrity, and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9550. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart