CVE-2026-11847— Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Deletion
Possible ATT&CK Techniques 1AI
T1083 · File and Directory DiscoveryAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IEI Integration Corp | iVEC TANK-XM811 | < 1.0.4 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-11847
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Deletion
Source: NVD (National Vulnerability Database)
Vulnerability Description
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
IEI Integration Corp iVEC TANK-XM811 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IEI Integration Corp iVEC TANK-XM811是中国IEI Integration Corp公司的一个嵌入式服务器。 IEI Integration Corp iVEC TANK-XM811 1.0.4之前版本存在路径遍历漏洞,该漏洞源于路径遍历问题,可能导致经过身份验证的远程攻击者在非预期的系统路径中创建目录。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IEI Integration Corp | iVEC TANK-XM811 | 0 ~ 1.0.4 | - |
II. Public POCs for CVE-2026-11847
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-11847
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-11847 (2)
Same Patch Batch · IEI Integration Corp · 2026-06-12 · 6 CVEs total
| CVE-2026-11849 | 9.8 CRITICAL | IEI Integration Corp|iRM-IEI Remote Management - Hard-coded Credentials |
| CVE-2026-11846 | 8.1 HIGH | IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Deletion |
| CVE-2026-11845 | 7.2 HIGH | IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - OS Command Injection |
| CVE-2026-11848 | 5.3 MEDIUM | IEI Integration Corp| iRM-IEI Remote Management - Missing Authentication |
| CVE-2026-11844 | 4.9 MEDIUM | IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Read |
IV. Related Vulnerabilities
Same vendor: IEI Integration Corp
- CVE-2026-11849
IEI Integration Corp|iRM-IEI Remote Management - Hard-coded - CVE-2026-11848
IEI Integration Corp| iRM-IEI Remote Management - Missing Au - CVE-2026-11846
IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - - CVE-2026-11845
IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - - CVE-2026-11844
IEI Integration Corp|iVEC-IEI Virtualization Edge Computer -
Same weakness: CWE-22
- CVE-2026-48129
Kestra task inputFiles accepts traversal filenames for worke - CVE-2026-49342
YARD static cache reads raw traversal paths before router sa - CVE-2026-49340
gonic has arbitrary file write in createPlaylist: any authen - CVE-2026-49339
Path traversal in getPlaylist/deletePlaylist bypasses owners - CVE-2026-49290
Slopsmith has path traversal in archive extractors that allo
V. Comments for CVE-2026-11847
No comments yet