CVE-2026-11844— IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Read
Possible ATT&CK Techniques 3AI
T1005 · Data from Local System T1083 · File and Directory Discovery T1552.003 · Shell HistoryAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IEI Integration Corp | iVEC TANK-XM811 | < 1.0.4 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-11844
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Read
Source: NVD (National Vulnerability Database)
Vulnerability Description
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
IEI Integration Corp iVEC TANK-XM811 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IEI Integration Corp iVEC TANK-XM811是中国IEI Integration Corp公司的一个嵌入式服务器。 IEI Integration Corp iVEC TANK-XM811 1.0.4之前版本存在路径遍历漏洞,该漏洞源于任意文件读取问题,可能导致具有特权的远程攻击者访问预期目录范围之外的文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IEI Integration Corp | iVEC TANK-XM811 | 0 ~ 1.0.4 | - |
II. Public POCs for CVE-2026-11844
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-11844
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-11844 (2)
Same Patch Batch · IEI Integration Corp · 2026-06-12 · 6 CVEs total
| CVE-2026-11849 | 9.8 CRITICAL | IEI Integration Corp|iRM-IEI Remote Management - Hard-coded Credentials |
| CVE-2026-11846 | 8.1 HIGH | IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Deletion |
| CVE-2026-11845 | 7.2 HIGH | IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - OS Command Injection |
| CVE-2026-11848 | 5.3 MEDIUM | IEI Integration Corp| iRM-IEI Remote Management - Missing Authentication |
| CVE-2026-11847 | 4.3 MEDIUM | Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Deletion |
IV. Related Vulnerabilities
Same vendor: IEI Integration Corp
- CVE-2026-11849
IEI Integration Corp|iRM-IEI Remote Management - Hard-coded - CVE-2026-11848
IEI Integration Corp| iRM-IEI Remote Management - Missing Au - CVE-2026-11847
Integration Corp|iVEC-IEI Virtualization Edge Computer - Arb - CVE-2026-11846
IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - - CVE-2026-11845
IEI Integration Corp|iVEC-IEI Virtualization Edge Computer -
Same weakness: CWE-22
- CVE-2026-54557
mise HTTP backend uses raw version path for install symlink - CVE-2026-56876
extract-zip unvalidated symlink path traversal - CVE-2026-55677
Echo: Encoded slash (%2F) bypasses route-level protection an - CVE-2026-57321
WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vul - CVE-2026-56066
WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbi
V. Comments for CVE-2026-11844
No comments yet