ATEN has patched a directory traversal vulnerability in its Unizon software that could allow an unauthenticated remote attacker to read sensitive files from an affected system. The flaw carries a CVSS score of 7.5 and was publicly disclosed on June 24, 2026, under CVE-2026-9776.

Vulnerability Details

The weakness resides in the writeFileToHttpServletResponse method. According to the Zero Day Initiative advisory, the method fails to properly validate a user-supplied path before passing it to file system operations. Because no authentication is required to reach the vulnerable code path, a remote attacker can craft a request that traverses directories outside the intended scope and retrieve files in the context of the SYSTEM account.
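The contrast between an unchecked path join and a confined one, shown as an added Java sketch that is not ATEN's code (the method names, the temporary base directory and the file names are assumptions for the demonstration):

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public final class ConfinedFileServe {

    // Unchecked pattern: the user-supplied name is joined to the base
    // directory and handed straight to the file system, so "../" segments
    // (or an absolute path) in the name escape the base directory.
    static Path resolveUnchecked(Path baseDir, String userPath) {
        return baseDir.resolve(userPath);
    }

    // Confined pattern: canonicalise the base, normalise the requested
    // target, and require that it is still inside the base both lexically
    // and after symlink resolution. Returns null when the request must be
    // rejected; the caller answers 400/404 instead of serving the file.
    static Path resolveConfined(Path baseDir, String userPath) throws IOException {
        if (userPath == null || userPath.isEmpty() || userPath.indexOf('\0') >= 0) {
            return null;                                   // empty or NUL-embedded name
        }
        Path base = baseDir.toRealPath();                 // absolute, symlinks resolved
        Path target = base.resolve(userPath).normalize(); // collapses "." and ".." lexically
        if (!target.startsWith(base)) {
            return null;                                   // escaped via ".." or absolute path
        }
        if (!Files.isRegularFile(target)) {
            return null;                                   // directories and missing files
        }
        Path real = target.toRealPath();                   // a symlink inside base may point out
        return real.startsWith(base) ? real : null;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("confined-demo"); // constructed sandbox directory
        Files.writeString(base.resolve("report.txt"), "sample content");
        System.out.println("in base:   " + resolveConfined(base, "report.txt"));
        System.out.println("traversal: " + resolveConfined(base, "../../etc/hosts"));
        System.out.println("unchecked: " + resolveUnchecked(base, "../../etc/hosts"));
    }
}
```

The lexical `startsWith` check on the normalised path is what the vulnerable method lacks; the second `toRealPath` check closes the remaining symlink case.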

The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) reflects the combination of network accessibility, low attack complexity, and high confidentiality impact, while confirming there is no integrity or availability component to the attack.

Scope and Impact

  • Affected product: ATEN Unizon
  • Authentication required: None
  • Impact: Full read access to files accessible under the SYSTEM context
  • Remote exploitability: Yes, over the network

Patch and Remediation

ATEN has released an update addressing the vulnerability. Administrators running ATEN Unizon should apply the update immediately and consult the vendor’s security advisory for version-specific guidance. The vulnerability was responsibly disclosed to ATEN on March 13, 2026, with coordinated public release following on June 24, 2026, a timeline of roughly 103 days.

Credit for the discovery goes to researcher Ahmed Y. Elmogy. Organizations using ATEN Unizon in environments where the management interface is network-accessible should treat patching as a priority given the zero-authentication requirement for exploitation.