CVE-2026-36848
Analyzed Analyzed - Analysis Complete

Directory Traversal in Gigamon GVOS H-VUE

Vulnerability report for CVE-2026-36848, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-29

Last updated on: 2026-06-30

Assigner: MITRE

Description

Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-06-30
Generated
2026-07-19
AI Q&A
2026-06-29
EPSS Evaluated
2026-07-18
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
gigamon gigavue-os to 5.16.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-36848 is a critical directory traversal vulnerability in Gigamon GVOS appliances version 5.16.1 and below, specifically in the legacy H-VUE subsystem.

The flaw exists in the persistd daemon's TornadoHTTP web service, which improperly handles user-supplied path parameters without proper validation.

This allows unauthenticated remote attackers with network access to read arbitrary files and perform partial write operations with root privileges by exploiting the DownloadDbFile and UploadDbFile handlers.

Attackers can bypass restrictions by URL-encoding path separators to escape the intended directory, leading to unauthorized file access and modification.

The vulnerability was removed in GVOS version 6, and users are advised to upgrade from affected versions.

Detection Guidance

The vulnerability exists in Gigamon GVOS appliances running the legacy H-VUE subsystem on port 8089. Detection can focus on identifying systems running GVOS version 5.16.1 or below, especially those exposing port 8089.

One approach is to scan your network for devices with port 8089 open and check the GVOS version. Since the vulnerability involves path traversal via HTTP requests, you can attempt to detect it by sending crafted HTTP requests to the DownloadDbFile or UploadDbFile handlers to see if arbitrary file access is possible.

  • Use network scanning tools (e.g., nmap) to identify hosts with port 8089 open: nmap -p 8089 <target-ip>
  • Check the GVOS version on identified devices to confirm if it is 5.16.1 or below.
  • Attempt to access files via HTTP requests exploiting path traversal, for example by URL-encoding path separators in requests to the DownloadDbFile handler.
Impact Analysis

This vulnerability can allow attackers to remotely read sensitive files and partially overwrite files on the affected system with root privileges without authentication.

Such unauthorized access and modification can lead to data exposure, system compromise, and potential disruption of services.

Because the exploit requires only network access and no authentication, it poses a significant security risk to affected GVOS appliances.

Compliance Impact

The vulnerability in Gigamon GVOS v5.16.1 and below allows unauthenticated remote attackers to read arbitrary files and perform partial writes with root privileges. This unauthorized access to sensitive files could lead to exposure of personal or protected data.

Such unauthorized access and potential data exposure can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive information and protection against unauthorized data disclosure.

However, the vulnerability exists only in unsupported versions (GVOS 5.16.1 and below), and upgrading to supported versions removes this risk.

Mitigation Strategies

The primary mitigation step is to upgrade GVOS to a version that does not contain the vulnerable H-VUE subsystem. Specifically, upgrading to GVOS version 6 or later removes the vulnerable component entirely.

If upgrading immediately is not possible, restrict network access to port 8089 to trusted sources only, as the vulnerability requires network access to this port.

Since the vulnerability allows unauthenticated remote attackers to read and partially write files with root privileges, limiting exposure and applying network-level controls is critical until an upgrade can be performed.

Unsupported versions are strongly discouraged due to security risks, so planning for migration to supported releases is recommended.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36848. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart