CVE-2026-35081
Analyzed Analyzed - Analysis Complete
Remote Process Termination in UGW via ugw-logstop Method

Publication date: 2026-06-03

Last updated on: 2026-06-08

Assigner: CERT VDE

Description
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-08
Generated
2026-06-24
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-22
NVD
CVE-2026-35081
EUVD
EUVD-2026-34077
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mbs-solutions universal_gateway_firmware to 6_00_07 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the ugw-logstop method, which allows a remote attacker who has user privileges to terminate arbitrary processes. The issue arises because the method does not properly validate user-supplied input, enabling the attacker to stop processes they should not be able to.

Impact Analysis

The vulnerability can impact you by allowing an attacker with user privileges to remotely terminate important processes on your system. This can lead to denial of service, disruption of critical services, or potentially further exploitation if essential processes are stopped.

Compliance Impact

The vulnerability allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. This can lead to denial of service or disruption of critical processes, potentially impacting the availability and integrity of systems.

While the CVE description does not explicitly mention compliance with standards such as GDPR or HIPAA, the ability for an attacker to disrupt processes could affect the availability and integrity requirements mandated by these regulations. For example, HIPAA requires ensuring the availability and integrity of electronic protected health information (ePHI), and GDPR mandates appropriate security measures to protect personal data.

Therefore, exploitation of this vulnerability could lead to non-compliance with such regulations if it results in unauthorized disruption of services or data processing.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35081. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart