CVE-2026-2331 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: March 6, 2026
AppEngine - Unrestricted File Access
Published: March 6, 2026 | Updated: March 6, 2026 | Remote Exploitable
Overview
AppEngine contains an unrestricted file access vulnerability caused by improper access restrictions in the HTTP-based file access feature, which lets unauthenticated attackers read and write sensitive filesystem areas. Exploitation requires no authentication.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Unauthenticated attackers can read and modify sensitive files and execute arbitrary Lua code, potentially compromising application settings and environment.
Mitigation
Update to the latest version with proper access restrictions.
References
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
- https://www.sick.com/psirt
Details
- CVE ID: CVE-2026-2331
- Severity: Critical
- CVSS Score: 9.8
- Type: unrestricted_file_upload
- Status: new
CWE
- CWE-552
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H