CVE-2026-35081
Analyzed Analyzed - Analysis Complete

Remote Process Termination in UGW via ugw-logstop Method

Vulnerability report for CVE-2026-35081, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-03

Last updated on: 2026-07-03

Assigner: CERT VDE

Description

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-03
Last Modified
2026-07-03
Generated
2026-07-14
AI Q&A
2026-06-03
EPSS Evaluated
2026-07-12
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mbs-solutions universal_gateway_firmware to 6_00_07 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. This can lead to denial of service or disruption of critical processes, potentially impacting the availability and integrity of systems.

While the CVE description does not explicitly mention compliance with standards such as GDPR or HIPAA, the ability for an attacker to disrupt processes could affect the availability and integrity requirements mandated by these regulations. For example, HIPAA requires ensuring the availability and integrity of electronic protected health information (ePHI), and GDPR mandates appropriate security measures to protect personal data.

Therefore, exploitation of this vulnerability could lead to non-compliance with such regulations if it results in unauthorized disruption of services or data processing.

Executive Summary

This vulnerability involves the ugw-logstop method, which allows a remote attacker who has user privileges to terminate arbitrary processes. The issue arises because the method does not properly validate user-supplied input, enabling the attacker to stop processes they should not be able to.

Impact Analysis

The vulnerability can impact you by allowing an attacker with user privileges to remotely terminate important processes on your system. This can lead to denial of service, disruption of critical services, or potentially further exploitation if essential processes are stopped.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35081. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart