Ziostation2 Path Traversal Exposes Sensitive OS Info

The National Vulnerability Database (NVD) has documented CVE-2026-40062, a critical path traversal vulnerability impacting Ziostation2 versions 2.9.8.7 and earlier. This flaw, rated with a CVSS score of 7.5 (HIGH), allows a remote, unauthenticated attacker to access sensitive information on the underlying operating system.

The core issue, categorized as CWE-22 (Path Traversal), enables attackers to bypass directory restrictions and access arbitrary files. For Ziostation2 users, this means a threat actor could potentially exfiltrate configuration files, user data, or system credentials without needing any prior authentication, leading to significant data exposure and potential further compromise.
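The CWE-22 pattern described above, shown as a vulnerable resolver beside a hardened one. This is an added example for illustration; it is not code from Ziostation2, Ziosoft, or the NVD entry, and the document root `BASE_DIR` and the function names `resolve_unsafe`/`resolve_safe` are assumptions. The hardened version decodes the input (twice, to cover double encoding), normalises it, and then checks containment on the canonical path rather than on the raw string.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed document root for the illustration; a placeholder, not a path from the advisory.
BASE_DIR = "/srv/app/public"


def resolve_unsafe(base: str, user_path: str) -> str:
    """CWE-22 pattern: user input is glued onto the base directory with no
    normalisation or containment check, so '..' segments walk out of base."""
    return base + "/" + user_path


def resolve_safe(base: str, user_path: str) -> Optional[str]:
    """Hardened resolver: decode, normalise, then verify containment.

    Returns the canonical path when it stays inside `base`, otherwise None
    so the caller can reject the request (and log it).
    """
    # Decode twice so a double-encoded sequence (%252e) cannot slip past the check.
    decoded = unquote(unquote(user_path))
    # Null bytes truncate paths in some C-backed file APIs; refuse them outright.
    if "\x00" in decoded:
        return None
    # Treat backslashes as separators so '..\' is normalised like '../'.
    decoded = decoded.replace("\\", "/")
    base_norm = posixpath.normpath(base)
    # Strip a leading '/' so the input is always joined *under* base, then
    # collapse '.' and '..' segments into a canonical form.
    candidate = posixpath.normpath(posixpath.join(base_norm, decoded.lstrip("/")))
    # Containment check on the canonical form, not on the raw string.
    if candidate != base_norm and not candidate.startswith(base_norm + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for p in ("images/scan1.png", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        unsafe = posixpath.normpath(resolve_unsafe(BASE_DIR, p))
        print(f"{p!r:28} unsafe -> {unsafe!r:30} safe -> {resolve_safe(BASE_DIR, p)!r}")
```

The containment test compares against `base_norm + "/"` rather than `base_norm` alone so that a sibling directory such as `/srv/app/public2` is not accepted as "inside" the document root.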

This vulnerability highlights the persistent risk of fundamental input validation failures. CISOs and security teams must recognize that even seemingly minor traversal flaws can lead to severe information disclosure, providing attackers with the intelligence needed for deeper network penetration. Defenders need to assume unauthenticated access is a constant threat vector.

What This Means For You

  • If your organization uses Ziostation2, especially for critical medical imaging or data management, you must immediately identify all instances running version 2.9.8.7 or earlier. Prioritize patching or isolating these systems to prevent unauthenticated information disclosure. Audit logs for any anomalous file access patterns or unauthorized data exfiltration attempts.
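One way to carry out the log audit suggested above: a small detector that parses web-server access log lines, decodes the request path, and flags any request whose decoded path contains a `..` segment, rating a 2xx response higher because it suggests the file was actually served. This is an added example, not tooling from the page, Ziosoft, or NVD; the log lines are constructed in common log format, and the `/viewer/images/` URL prefix is invented for the illustration and is not a known Ziostation2 endpoint.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample lines in common log format (not from any real deployment).
SAMPLE_LOG = """\
203.0.113.5 - - [23/Apr/2026:03:20:01 +0000] "GET /viewer/images/scan1.png HTTP/1.1" 200 5120
203.0.113.5 - - [23/Apr/2026:03:20:05 +0000] "GET /viewer/images/..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1844
198.51.100.7 - - [23/Apr/2026:03:21:10 +0000] "GET /viewer/images/%2e%2e/%2e%2e/windows/win.ini HTTP/1.1" 404 210
192.0.2.9 - - [23/Apr/2026:03:22:00 +0000] "GET /viewer/images/report..pdf HTTP/1.1" 200 900
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def is_traversal(raw_path: str) -> bool:
    """True when, after URL decoding (twice, to cover double encoding) and
    treating backslashes as separators, any path segment is exactly '..'.
    A filename such as 'report..pdf' is therefore not a hit."""
    decoded = unquote(unquote(raw_path.split("?", 1)[0]))
    decoded = decoded.replace("\\", "/")
    return "\x00" in decoded or any(seg == ".." for seg in decoded.split("/"))


def detect(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per log line that carries a traversal sequence."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal(m["path"]):
            continue
        status = m["status"]
        findings.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "path": m["path"],
            "status": status,
            # A 2xx on a traversal request means the server most likely served the file.
            "severity": "high" if status.startswith("2") else "medium",
        })
    return findings


def sources(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per source IP to surface the noisiest client."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG)
    for h in hits:
        print(f"[{h['severity']:6}] {h['ts']} {h['ip']} {h['status']} {h['path']}")
    print("per-source:", sources(hits))
```

Run over the constructed sample, the detector reports two hits and leaves the `report..pdf` request alone; the same `is_traversal` check can be applied to any field that carries a client-supplied path, not only the request line.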

Related ATT&CK Techniques

Detection Rules

Severity: high · ATT&CK: T1190 (Initial Access)

Ziostation2 Path Traversal for OS Info Disclosure - CVE-2026-40062 (Sigma rule)

Indicators of Compromise

ID             | Type                   | Indicator
CVE-2026-40062 | Path Traversal         | Ziostation2 v2.9.8.7 and earlier
CVE-2026-40062 | Information Disclosure | Sensitive information disclosure on the operating system
Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 23, 2026 at 03:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
