Back to CVE List

CVE-2026-9508

Vulnerability Description

Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly download backup ZIP files via ‘http(s)://[server]/download/…’ without requiring authentication. This exposes highly sensitive information that can lead to server impersonation, unauthorized access to databases, and lateral movement.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-732
Source
NVD

External References

Discussion (0)

Add Comment

No comments yet. Be the first!