CVE-2026-35081
Description
A vulnerability in the ugw-logstop method allows authenticated users to terminate arbitrary processes on affected UGW devices.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A vulnerability in the ugw-logstop method allows authenticated users to terminate arbitrary processes on affected UGW devices.
Vulnerability
The ugw-logstop method in the Universal Gateways (UGW) web GUI is affected by insufficient validation of user-supplied input, allowing authorized attackers to terminate system processes. This vulnerability affects version V6_0_0_5 and earlier [1].
Exploitation
An attacker with user privileges can exploit this vulnerability by sending a request to the ugw-logstop method with insufficient input validation. No specific user interaction or network position is mentioned, but authentication is required [1].
Impact
Successful exploitation allows an attacker to terminate arbitrary processes on the affected UGW device. This could lead to denial of service or disruption of critical building automation functions [1].
Mitigation
This vulnerability affects version V6_0_0_5 and earlier. A fixed version is not yet disclosed in the available references. Users are advised to consult the vendor for patch information [1].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.