THREAT OPS › Threat News › ZDI-26-378: ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability
ZDI-26-378: ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2026-9774.
MITRE ATT&CK techniques
- File DeletionT1070.004
Indicators of compromise
- CVE-2026-9774cve
Original source: http://www.zerodayinitiative.com/advisories/ZDI-26-378/