High severity7.5NVD Advisory· Published Mar 13, 2026· Updated Apr 23, 2026

CVE-2026-22199

Description

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can exploit this vulnerability to disclose sensitive files such as password hashes, which can be cracked offline to obtain root-level access and enable full system compromise.

Affected products

Gvectors/Wpdiscuz
cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*
Range: <7.6.47

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txtnvd
voltronicpower.comnvd
www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/nvd
www.vulncheck.com/advisories/voltronic-power-snmp-web-pro-path-traversal-via-upload-cginvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000