ATEN Unizon updateLicense Directory Traversal Vulnerability (CVE-2026-9774) Allows Arbitrary File Deletion
A directory traversal vulnerability in ATEN Unizon, tracked as CVE-2026-9774 with a CVSS score of 5.5, allows authenticated remote attackers to delete arbitrary files via the updateLicense function.
The Zero Day Initiative (ZDI) has disclosed a directory traversal vulnerability in ATEN Unizon, a centralized management platform for ATEN's KVM switches and other IT infrastructure. Tracked as CVE-2026-9774 and assigned a CVSS score of 5.5, the flaw resides in the updateLicense method and allows authenticated remote attackers to delete arbitrary files on affected systems.
The vulnerability stems from improper validation of user-supplied paths before they are used in file operations. Specifically, the updateLicense method fails to sanitize path input, enabling an attacker to traverse directories and delete files outside the intended scope. This could lead to denial-of-service conditions or disruption of critical system functionality.
ATEN has issued a security update to address this vulnerability, as detailed in their advisory available at ATEN's support center. Users are strongly advised to apply the patch promptly to mitigate the risk. The disclosure timeline indicates the vulnerability was reported to ATEN on March 13, 2026, with the coordinated public release occurring on June 24, 2026.
The flaw was discovered and reported by researcher Ahmed Y. Elmogy, who received credit in the ZDI advisory. While the vulnerability requires authentication, its impact is significant for organizations relying on ATEN Unizon for centralized device management, as an attacker could delete configuration files, logs, or other critical data.
This disclosure is part of a series of vulnerabilities found in ATEN Unizon, including other directory traversal flaws (CVE-2026-9775, CVE-2026-9776, CVE-2026-9777, CVE-2026-9778) that range from information disclosure to remote code execution. The cumulative risk underscores the importance of keeping the platform updated and applying security patches as they become available.
Organizations using ATEN Unizon should prioritize applying the vendor's update and review their security posture for any signs of exploitation. While no active exploitation has been reported, the availability of proof-of-concept code could increase the threat landscape. As with all directory traversal vulnerabilities, proper input validation and least-privilege access controls are essential defenses.