Critical Cryptographic Signature Bypass in ATEN Unizon Allows Remote Code Execution (CVE-2026-9779)
A high-severity cryptographic signature verification flaw in ATEN Unizon, tracked as CVE-2026-9779 with a CVSS score of 7.2, allows authenticated remote attackers to execute arbitrary code at the SYSTEM level.

ATEN has disclosed a critical security vulnerability in its Unizon product line that could allow authenticated remote attackers to achieve full system compromise. The flaw, designated CVE-2026-9779 and published as ZDI-26-383 by the Zero Day Initiative, carries a CVSS score of 7.2 and stems from improper cryptographic signature verification in the doCryptoHugeFileToFile function.
The vulnerability resides specifically within the updateWar method. The code fails to correctly validate digital signatures before performing operations on update packages. An attacker who has already authenticated to an affected ATEN Unizon installation can exploit this weakness by supplying a crafted file with a forged or invalid cryptographic signature, which the system mistakenly accepts as legitimate.
The impact is severe: successful exploitation allows an attacker to execute arbitrary code in the context of the SYSTEM account, the highest privilege level on Windows-based installations. This means an attacker could install programs, view, change, or delete data, or create new accounts with full user rights. ATEN Unizon is a centralized management platform used to control and monitor ATEN KVM switches, power distribution units, and other data-center infrastructure, making a successful breach potentially disruptive to operations.
ATEN has released a security update to correct the vulnerability. The patch is available on ATEN's security advisory page. Users of ATEN Unizon are urged to apply the update as soon as possible. The vulnerability was reported to ATEN on March 13, 2026, with coordinated public disclosure occurring on June 24, 2026.
The researcher credited with discovering the flaw, Ahmed Y. Elmogy, provided details that allowed ATEN and ZDI to coordinate the responsible disclosure. While authentication is required to exploit CVE-2026-9779, the breadth of the SYSTEM-level impact and the critical role of ATEN Unizon in data-center management make this a significant threat that should not be overlooked. The incident underscores the ongoing importance of proper cryptographic verification in enterprise management software, where even minor omissions can lead to complete system takeovers.
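The verify-before-use rule that this class of flaw violates can be shown as a fail-closed gate in Java. This is an added example, not ATEN's code (the vulnerable implementation is not published on this page). The class and method names, the SHA256withRSA scheme, and the generated key and sample package are all assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class VerifiedUpdate {
    /** True only if sig is a valid SHA256withRSA signature over pkg; every failure path rejects. */
    static boolean signatureValid(byte[] pkg, byte[] sig, PublicKey vendorKey) {
        if (pkg == null || sig == null || sig.length == 0) return false;
        try {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(vendorKey);
            v.update(pkg);
            return v.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or unusable key is a rejection, never a pass
        }
    }

    /** Gate: nothing touches the package unless verification succeeded on these exact bytes. */
    static String applyUpdate(byte[] pkg, byte[] sig, PublicKey vendorKey) {
        if (!signatureValid(pkg, sig, vendorKey)) return "REJECTED";
        // A hypothetical install step would consume 'pkg' here: the same buffer that was
        // verified, not a second read of a file that could have changed in between.
        return "INSTALLED";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and package; a real deployment pins the vendor public key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair vendor = gen.generateKeyPair();
        byte[] pkg = "constructed sample update package".getBytes(StandardCharsets.UTF_8);

        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(vendor.getPrivate());
        s.update(pkg);
        byte[] sig = s.sign();

        byte[] tampered = pkg.clone();
        tampered[0] ^= 0x01; // a single flipped bit must invalidate the signature

        System.out.println("valid:     " + applyUpdate(pkg, sig, vendor.getPublic()));
        System.out.println("tampered:  " + applyUpdate(tampered, sig, vendor.getPublic()));
        System.out.println("short sig: " + applyUpdate(pkg, new byte[16], vendor.getPublic()));
        System.out.println("unsigned:  " + applyUpdate(pkg, new byte[0], vendor.getPublic()));
    }
}
```

The short-signature case matters because `Signature.verify` throws rather than returning false on a wrong-length input; the catch block turns that exception into a rejection instead of letting processing continue.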