CVE-2026-46747

Analyzed Analyzed - Analysis Complete

Path Traversal in SINEC INS via SFTP Upload Endpoint

Publication date: 2026-06-09

Last updated on: 2026-06-12

Assigner: Siemens AG

Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-12

Generated

2026-06-29

AI Q&A

2026-06-09

EPSS Evaluated

2026-06-28

NVD

CVE-2026-46747

EUVD

EUVD-2026-35384

Affected Vendors & Products

Vendor	Product	Version / Range
siemens	sinec_ins	1.0
siemens	sinec_ins	1.0
siemens	sinec_ins	1.0
siemens	sinec_ins	1.0
siemens	sinec_ins	to 1.0 (inc)
siemens	sinec_ins	1.0
siemens	sinec_ins	1.0
siemens	sinec_ins	1.0

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-26	The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory.

Attack-Flow Graph

Executive Summary

CVE-2026-46747 is a vulnerability in the SINEC INS application versions before V1.0 SP2 Update 6. The issue occurs because the application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint, which is used for directory listing.

This improper sanitization allows an attacker to perform a path traversal attack by crafting input that accesses unintended file system locations outside the allowed directory structure.

The vulnerability is classified as CWE-26: Path Traversal.

Impact Analysis

This vulnerability could allow an authenticated remote attacker to access files outside the intended directory structure on the affected system.

Such unauthorized access to files may lead to exposure of sensitive information or system files, potentially compromising the confidentiality of data.

Detection Guidance

This vulnerability can be detected by monitoring requests to the GET /api/sftp/uploadFiles endpoint for path traversal patterns such as '../' sequences in the path input.

You can use network monitoring tools or web server logs to identify suspicious requests containing crafted input attempting directory traversal.

Example command to search for suspicious requests in web server logs (assuming logs are in access.log):

grep "/api/sftp/uploadFiles" access.log | grep "\.\./"

Alternatively, using a network packet capture tool like tcpdump or Wireshark, filter HTTP GET requests to the vulnerable endpoint and inspect for path traversal payloads.

Mitigation Strategies

The immediate recommended step to mitigate this vulnerability is to update SINEC INS to version V1.0 SP2 Update 6 or later, where the issue is fixed.

Until the update can be applied, restrict access to the vulnerable endpoint by implementing network-level controls such as firewall rules or access control lists to limit access to trusted users only.

Additionally, monitor logs for suspicious activity targeting the /api/sftp/uploadFiles endpoint and respond accordingly.

Hi! I’m here to help you understand CVE-2026-46747. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70