CVE-2026-9779
Received Received - Intake
Improper Signature Verification in ATEN Unizon RCE

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: Zero Day Initiative

Description
ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateWar method. The issue results from an incorrect implementation of cryptographic signature verification. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28590.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-9779
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
aten unizon *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in ATEN Unizon's doCryptoHugeFileToFile function, specifically within the updateWar method. It is caused by an improper verification of a cryptographic signature, which means the software does not correctly check the authenticity of certain files or updates.

Because of this flaw, a remote attacker who is authenticated can exploit the vulnerability to execute arbitrary code on the affected system with SYSTEM-level privileges.

Impact Analysis

If exploited, this vulnerability allows an authenticated remote attacker to execute arbitrary code with SYSTEM privileges on the affected ATEN Unizon installation.

This means the attacker could potentially take full control of the system, leading to data theft, system manipulation, disruption of services, or further attacks within the network.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9779. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart