CVE-2026-35079
Remote File Deletion via ugw-restore Method
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mbs | universal_gateway | to 6.0.0.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the ugw-restore method, which allows a remote attacker who has user privileges to delete arbitrary local files. The root cause is insufficient validation of user-controlled input, meaning the method does not properly check or restrict the input it receives from users, enabling malicious deletion of files.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized deletion of local files by an attacker with user privileges. This can result in loss of important data, disruption of services, potential system instability, and could be exploited to remove critical files necessary for system operation or security.