CVE-2026-35082
Description
Remote attackers with user privileges can access arbitrary local files in UGW web GUI via insufficient input validation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Remote attackers with user privileges can access arbitrary local files in UGW web GUI via insufficient input validation.
Vulnerability
The ugw-logread method in the Universal Gateways (UGW) web GUI is affected by insufficient input validation and a lack of bounds checking. This vulnerability allows authorized attackers to include local files. The affected versions are V6_0_0_5 and earlier [1].
Exploitation
An attacker with user privileges needs to call the ugw-logread method. By supplying insufficient validated input, the attacker can trigger the vulnerability to access local files [1].
Impact
Successful exploitation allows an attacker to read arbitrary local files on the affected system. This could lead to the disclosure of sensitive information. The exact scope of the compromise is not detailed beyond file access [1].
Mitigation
Versions V6_0_0_5 and earlier are affected. A fixed version is not yet disclosed in the available references. No workarounds are currently published [1].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.