CVE-2026-46747

4.3 MEDIUM

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6)

Published: 2026-06-09 · Last updated: 2026-06-09

Severity and scoring

CVSS: 4.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-26

Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-46747
[Other]https://cert-portal.siemens.com/productcert/html/ssa-860189.html