CVE-2026-2331 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: March 9, 2026
AppEngine - Unrestricted File Access
Overview
AppEngine contains an unrestricted file access vulnerability caused by improper access restrictions in the HTTP-based file access feature. It lets attackers read and write sensitive filesystem areas, and exploitation requires no authentication.
Severity & Score
Impact
Unauthenticated attackers can read and modify sensitive files and execute arbitrary Lua code, potentially compromising application settings and environment.
Mitigation
Update to the latest version with proper access restrictions.
References
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json
- https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
- https://www.sick.com/psirt
Social Media Activity (2 posts)
CRITICAL: CVE-2026-2331 in SICK Lector85x v2.6.0 allows unauthenticated HTTP access to sensitive files & Lua code execution. No patch yet - segment networks & restrict HTTP access. Monitor for abuse! https://radar.offseq.com/threat/cve-2026-2331-cwe-552-files-or-directories-accessi-5e67b9ed #OffSeq #ICS #Vuln #OTSecurity
CVE-2026-2331 - Critical (9.8) An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTT... https://www.thehackerwire.com/vulnerability/CVE-2026-2331/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-2331
- Severity: Critical
- CVSS Score: 9.8
- Type: unrestricted_file_upload
- Status: unconfirmed
- EPSS: 16.7%
- Social Posts: 2
CWE
- CWE-552
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H