CVE-2026-2328 PUBLISHED

Backend Access Due to Insufficient Input Validation

Assigner: CERTVDE
Reserved: 11.02.2026 Published: 30.03.2026 Updated: 30.03.2026

An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 7.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	WAGO
Product	Device Sphere
Versions	Default: unaffected affected from 0.0.0 to 1.2.2 (excl.)

Vendor	WAGO
Product	Solution Builder
Versions	Default: unaffected affected from 0.0.0 to 2.4.2 (excl.)

Credits

Marvin Ramsperger from SySS GmbH finder

References

https://certvde.com/de/advisories/VDE-2026-010

Problem Types

CWE-790 Improper Filtering of Special Elements CWE