VYPR
Advisory · Published Jun 24, 2026 · 1 source

ATEN Unizon Directory Traversal Vulnerability (CVE-2026-9777) Allows Remote Code Execution

A directory traversal vulnerability in ATEN Unizon, tracked as CVE-2026-9777 with a CVSS score of 7.2, allows authenticated remote attackers to execute arbitrary code at the SYSTEM level.

A new directory traversal vulnerability has been disclosed in ATEN Unizon, a centralized management platform for ATEN's KVM switches and serial console servers. Tracked as CVE-2026-9777 and published by the Zero Day Initiative (ZDI-26-381), the flaw carries a CVSS score of 7.2 and allows authenticated remote attackers to execute arbitrary code with SYSTEM privileges.

The vulnerability resides in the restoreDB method of ATEN Unizon. The issue stems from the software's failure to properly validate a user-supplied path before using it in file operations. An attacker who has already obtained valid credentials can exploit this lack of validation to traverse directories and write malicious files to arbitrary locations on the system, ultimately achieving remote code execution at the highest privilege level.
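As an added illustration, not ATEN's code and not taken from the advisory, the following Python shows the general shape of the defect described above: a restore handler that joins a user-supplied file name onto a backup directory without validation, beside a hardened version that resolves the path and confines it to that directory before any file operation. The function names, the `PathTraversalError` type and the temporary base directory are assumptions for the demonstration; nothing here reflects how Unizon's `restoreDB` is actually implemented.

```python
"""
Hypothetical path-confinement example (not ATEN's code).

naive_restore_path()  - the vulnerable pattern: user input joined unvalidated.
safe_restore_path()   - the hardened pattern: resolve, then confine to BASE.
"""
import os
import tempfile
from pathlib import Path

# Stand-in for the application's backup/restore directory (constructed for
# the demo; a real deployment would use its configured data directory).
BASE = Path(tempfile.mkdtemp(prefix="restore_demo_"))


class PathTraversalError(ValueError):
    """Raised when a supplied name would leave the restore directory."""


def naive_restore_path(user_name: str) -> Path:
    """Vulnerable: '../' segments in user_name escape BASE unchallenged."""
    return BASE / user_name


def safe_restore_path(user_name: str) -> Path:
    """Return the resolved path for user_name, strictly inside BASE.

    Raises PathTraversalError for anything that would escape BASE.
    """
    # Cheap syntactic rejections first: empty names, NUL bytes, absolute
    # paths, and backslashes (which are separators on Windows but plain
    # filename characters on POSIX, so a lexical check must be explicit).
    if not user_name or "\x00" in user_name:
        raise PathTraversalError("empty name or NUL byte")
    if os.path.isabs(user_name) or user_name.startswith(("/", "\\")):
        raise PathTraversalError("absolute path not allowed")
    if "\\" in user_name:
        raise PathTraversalError("backslash not allowed in restore file name")

    # Semantic check: resolve() normalises '..' segments and follows symlinks,
    # so a symlink inside BASE pointing outside is also caught here.
    base = BASE.resolve()
    candidate = (BASE / user_name).resolve()

    # Require the result to be strictly inside BASE (BASE itself is not a
    # valid restore file, so '.' and '' are rejected too).
    if base not in candidate.parents:
        raise PathTraversalError(f"{user_name!r} escapes the restore directory")
    return candidate


def is_confined(user_name: str) -> bool:
    """Convenience wrapper: True if the hardened check accepts user_name."""
    try:
        safe_restore_path(user_name)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: benign names and traversal attempts.
    for name in ["backup-2026.sql", "nested/dir/file.bak",
                 "../../etc/passwd", "/etc/passwd", "sub/../../x"]:
        print(f"{name!r:24} naive -> {naive_restore_path(name)}")
        print(f"{'':24} safe  -> {'accepted' if is_confined(name) else 'REJECTED'}")
```

The key design point is that the confinement decision is made on the resolved path, not on the raw string: rejecting the literal substring `..` is easy to miss with alternative encodings or symlinks, whereas checking that `BASE` is among the resolved candidate's parents holds regardless of how the name was spelled. Writing the restored file only through the path returned by `safe_restore_path` keeps the check and the file operation from drifting apart.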

ATEN Unizon is widely deployed in data centers and enterprise environments to manage KVM-over-IP and serial console infrastructure. While authentication is required to exploit CVE-2026-9777, the severity is elevated because an attacker who compromises a single set of credentials—or leverages a separate authentication bypass—can escalate to full system compromise. The flaw is particularly dangerous in multi-tenant or shared-management scenarios.

ATEN has released a security update to address the vulnerability. The patch is available through ATEN's security advisory page at https://www.aten.com/global/en/supportcenter/info/security-advisory/30/. Users are strongly advised to apply the update immediately. The advisory was coordinated by ZDI and credited to researcher Ahmed Y. Elmogy, who reported the flaw on March 13, 2026.

This disclosure follows closely on the heels of another ATEN Unizon vulnerability, CVE-2026-9779, which was also published by ZDI and involves a cryptographic signature bypass in the same product. The back-to-back advisories suggest that ATEN's Unizon platform has been under active security scrutiny, and administrators should prioritize patching both flaws to reduce the attack surface.

Directory traversal vulnerabilities remain a common and dangerous class of bugs in enterprise management software. When combined with authentication bypass or credential theft, they can lead to full network compromise. Organizations using ATEN Unizon should verify that the latest patch is applied and review access controls to limit which accounts have administrative privileges on the platform.

Synthesized by Vypr AI