CVE-2026-6865— Improper Limitation of a Pathname to a Restricted Directory Vulnerability on Multiple Products
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6865
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Limitation of a Pathname to a Restricted Directory Vulnerability on Multiple Products
Source: NVD (National Vulnerability Database)
Vulnerability Description
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU都是法国施耐德电气(Schneider Electric)公司的一款远程终端设备。 Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU存在路径遍历漏洞,该漏洞源于路径名限制不当,可能导致用户提供的输入在服务器端文件路径处理中处理不当,造成未授权访问敏感文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Schneider Electric | EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller | Versions 11.06.31 and prior | - | |
| Schneider Electric | Saitel DP Remote Terminal Unit & Controller | Versions 11.06.36 and prior | - |
II. Public POCs for CVE-2026-6865
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6865
请登录查看更多情报信息。
Same Patch Batch · Schneider Electric · 2026-05-12 · 3 CVEs total
| CVE-2026-6866 | Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel | |
| CVE-2026-4827 | Insufficient Entropy vulnerability on Multiple Products |
IV. Related Vulnerabilities
Same vendor: Schneider Electric
- CVE-2026-6332
Clear Text Storage of Sensitive Information on EcoStruxure™ - CVE-2026-6866
Initialization of a Resource with an Insecure Default vulner - CVE-2026-4827
Insufficient Entropy vulnerability on Multiple Products - CVE-2026-2401
Schneider Electric PowerChute Serial Shutdown 日志信息泄露漏洞 - CVE-2026-2400
Schneider Electric PowerChute Serial Shutdown 注入漏洞
Same weakness: CWE-22
- CVE-2026-44565
Open WebUI: Open WebUI Arbitrary File Write, Delete via Path - CVE-2026-44566
Open WebUI: Arbitrary File Upload and Path Traversal - CVE-2026-46383
Microsoft APM: Windows absolute-path tar member overwrite du - CVE-2026-44641
Microsoft APM: plugin.json component paths escape plugin roo - CVE-2026-41552
Path Traversal in PDF Export Module
V. Comments for CVE-2026-6865
No comments yet