Path Traversal Vulnerability in SINEC INS by Siemens
CVE-2026-46747

5.3 MEDIUM

Key Information:

Vendor: Siemens

Status
Vendor

CVE Published: 9 June 2026

What is CVE-2026-46747?

The SINEC INS application does not properly sanitize the path input to the /api/sftp/uploadFiles endpoint, which is used for directory listing. An attacker can supply crafted input to perform path traversal and potentially reach unauthorized locations within the file system. Sensitive files may be exposed as a result, leading to data breaches. Administrators should update to the latest version to mitigate the risk.

Affected Version(s)

SINEC INS 0

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
