Medium severity6.2NVD Advisory· Published Mar 16, 2026· Updated Apr 15, 2026

CVE-2016-20029

Description

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including configuration files, source code, and protected application resources.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cxsecurity.com/issue/WLB-2016090001nvd
exchange.xforce.ibmcloud.com/vulnerabilities/116489nvd
packetstormsecurity.com/files/138570nvd
www.exploit-db.com/exploits/40326/nvd
www.vulncheck.com/advisories/zkteco-zkbiosecurity-file-path-manipulation-vulnerabilitynvd
www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.403
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000