Path Traversal Vulnerability in SINEC INS by Siemens
CVE-2026-46747
5.3MEDIUM
What is CVE-2026-46747?
A vulnerability exists in the SINEC INS application that fails to properly sanitize the path input in the /api/sftp/uploadFiles endpoint, which is used for directory listing. This flaw allows an attacker to exploit crafted input to perform path traversal, potentially gaining access to unauthorized locations within the file system. By leveraging this vulnerability, sensitive files may be exposed, leading to data breaches. It is crucial for administrators to update to the latest version to mitigate the risks associated with this issue.
Affected Version(s)
SINEC INS 0