CVE-2026-25872: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ALBRECHT JUNG GMBH & CO. KG JUNG Smart Panel 5.1 KNX
JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesystem within the context of the web server. This may result in disclosure of system configuration files and other sensitive information.
AI Analysis
Technical Summary
CVE-2026-25872 is a path traversal vulnerability (CWE-22) in ALBRECHT JUNG GMBH & CO. KG JUNG Smart Panel 5.1 KNX firmware version L1.12.22 and prior. The embedded web interface fails to properly restrict file path inputs, enabling unauthenticated remote attackers to read arbitrary files on the underlying filesystem within the web server's context. This vulnerability can disclose sensitive system configuration data. The CVSS 4.0 vector indicates network attack vector, low complexity, no privileges or user interaction required, and low impact on confidentiality. No patch or official remediation guidance is currently available.
Potential Impact
Successful exploitation allows remote, unauthenticated attackers to read arbitrary files on the device's filesystem, potentially exposing sensitive system configuration and other confidential information. This could compromise the confidentiality of the device and its configuration but does not indicate direct code execution or availability impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor ALBRECHT JUNG GMBH & CO. KG communications for firmware updates addressing this vulnerability. Until a fix is available, restricting network access to the device's web interface and employing network-level protections may reduce exposure.
CVE-2026-25872: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ALBRECHT JUNG GMBH & CO. KG JUNG Smart Panel 5.1 KNX
Description
JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesystem within the context of the web server. This may result in disclosure of system configuration files and other sensitive information.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-25872 is a path traversal vulnerability (CWE-22) in ALBRECHT JUNG GMBH & CO. KG JUNG Smart Panel 5.1 KNX firmware version L1.12.22 and prior. The embedded web interface fails to properly restrict file path inputs, enabling unauthenticated remote attackers to read arbitrary files on the underlying filesystem within the web server's context. This vulnerability can disclose sensitive system configuration data. The CVSS 4.0 vector indicates network attack vector, low complexity, no privileges or user interaction required, and low impact on confidentiality. No patch or official remediation guidance is currently available.
Potential Impact
Successful exploitation allows remote, unauthenticated attackers to read arbitrary files on the device's filesystem, potentially exposing sensitive system configuration and other confidential information. This could compromise the confidentiality of the device and its configuration but does not indicate direct code execution or availability impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor ALBRECHT JUNG GMBH & CO. KG communications for firmware updates addressing this vulnerability. Until a fix is available, restricting network access to the device's web interface and employing network-level protections may reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-02-06T19:12:03.464Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 698bb5374b57a58fa12f9f56
Added to database: 2/10/2026, 10:46:15 PM
Last enriched: 5/12/2026, 4:01:14 AM
Last updated: 5/22/2026, 7:54:20 AM
Views: 179
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.