CVE-2026-2328

Summary

An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.

Affected Software

VendorProductVersion RangeStatus
WAGODevice Sphere0.0.0 < 1.2.2affected
WAGOSolution Builder0.0.0 < 2.4.2affected

Weaknesses

  • CWE-790: CWE-790 Improper Filtering of Special Elements

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References