Directory Traversal Vulnerability in Daktronics Controller Firmware
CVE-2026-28701

9.3CRITICAL

Key Information:

Vendor: Daktronics
Status: Vfc-dmp-5000; Dmp-5000; Dmp-8000
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-28701?

Multiple iterations of Daktronics Controller Firmware contain a directory traversal vulnerability that could permit both authenticated and unauthenticated remote users to escape from the designated directory. This exploitation allows them to enumerate arbitrary file system paths, posing a significant threat to system integrity and data confidentiality. Immediate evaluation and remediation of affected systems are crucial to mitigate potential risks.

Affected Version(s)

DMP-5000 0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Mar 30, 2026

Credit

Thomas Jou of Princeton University reported this vulnerability to CISA.

CVE-2026-28701 Data

JSON