CVE-2026-9550— Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform upfile path traversal
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Acrel Electrical | EEMS Enterprise Power Operation and Maintenance Cloud Platform | 1.3.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9550
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform upfile path traversal
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform是中国安科瑞(Acrel)公司的一个电力运维云平台。 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0版本存在路径遍历漏洞,该漏洞源于文件/SubstationWEBV2/app/..;/main/upfile中未知功能对参数pa
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Acrel Electrical | EEMS Enterprise Power Operation and Maintenance Cloud Platform | 1.3.0 | cpe:2.3:a:acrel_electrical:eems_enterprise_power_operation_and_maintenance_cloud_platform:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-9550
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-9550
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-9550 (1)
IV. Related Vulnerabilities
Same vendor: Acrel Electrical
- CVE-2026-9523
Acrel Electrical EEMS Enterprise Power Operation and Mainten - CVE-2026-7696
Acrel Electrical EEMS Enterprise Power Operation and Mainten - CVE-2026-7695
Acrel Electrical EEMS Enterprise Power Operation and Mainten - CVE-2026-7694
Acrel Electrical ECEMS Enterprise Microgrid Energy Efficienc - CVE-2026-5601
Acrel Electrical Prepaid Cloud Platform Backup File bin.rar
Same weakness: CWE-22
- CVE-2026-8442
WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) - CVE-2026-49766
WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File - CVE-2026-49061
WordPress WPC Product Options for WooCommerce plugin <= 3.2. - CVE-2026-40779
WordPress Link Library plugin <= 7.8.8 - Arbitrary File Dele - CVE-2026-40769
WordPress Contact Form Extender for Divi – Save Entries, Fil
V. Comments for CVE-2026-9550
No comments yet