VDB

GCVE-110-NCSC-2026-162

GCVE-110-NCSC-2026-162
Advisory PublishedCVSS 6.8/10
Vulnetix · Advisory published May 15, 2026
A directory traversal vulnerability in an undisclosed iControl REST endpoint in Appliance mode may allow an authenticated administrator to bypass security boundaries and delete files.

Weaknesses (CWE)

CWE-416Use After FreeCWE-352Cross-Site Request Forgery (CSRF)CWE-35Path Traversal: '.../...//'CWE-312Cleartext Storage of Sensitive InformationCWE-250Execution with Unnecessary PrivilegesCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-266Incorrect Privilege AssignmentCWE-772Missing Release of Resource after Effective LifetimeCWE-824Access of Uninitialized PointerCWE-272Least Privilege ViolationCWE-252Unchecked Return ValueCWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-770Allocation of Resources Without Limits or ThrottlingCWE-420Unprotected Alternate ChannelCWE-732Incorrect Permission Assignment for Critical ResourceCWE-131Incorrect Calculation of Buffer SizeCWE-552Files or Directories Accessible to External PartiesCWE-643Improper Neutralization of Data within XPath Expressions ('XPath Injection')CWE-532Insertion of Sensitive Information into Log FileCWE-648Incorrect Use of Privileged APIsCWE-121Stack-based Buffer OverflowCWE-502Deserialization of Untrusted DataCWE-267Privilege Defined With Unsafe ActionsCWE-476NULL Pointer DereferenceCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-835Loop with Unreachable Exit Condition ('Infinite Loop')

Risk Scores

CVSS 3.1
6.8/10
Medium · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

Affected Products

VendorProductVersionsPlatforms
F5vers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›