{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7766", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2026-05-04T10:01:33.811Z", "datePublished": "2026-05-25T11:16:22.837Z", "dateUpdated": "2026-05-26T15:58:54.905Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "KG-5230TAS-IL-3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5230TAS-IL-G3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5230DAS-IL-G3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260TZAS-IL-3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260DZAS-IL-3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260TZAS-IL-G3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260DZAS-IL-G3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260xxxx-IL-(G)2", "vendor": "Kenik", "versions": [{"lessThan": "2026-04-23", "status": "affected", "version": "0", "versionType": "date"}]}], "credits": [{"lang": "en", "type": "finder", "value": "\u0141ukasz Bawolski (Exea Data Center)"}], "datePublic": "2026-05-25T07:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server.<br><br>The issue was fixed in version 2026-04-23 of the&nbsp;KG-5260xxxx-IL-(G)2 cameras.<br>Rest of the products were fixed in version&nbsp;2025-04-21."}], "value": "Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server.\n\nThe issue was fixed in version 2026-04-23 of the\u00a0KG-5260xxxx-IL-(G)2 cameras.\nRest of the products were fixed in version\u00a02025-04-21."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.3, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-05-25T11:16:22.837Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2026/05/CVE-2026-7766"}], "source": {"discovery": "EXTERNAL"}, "title": "Path Traversal in Kenik cameras", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-26T15:58:49.646754Z", "id": "CVE-2026-7766", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T15:58:54.905Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7766", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2026-05-04T10:01:33.811Z", "datePublished": "2026-05-25T11:16:22.837Z", "dateUpdated": "2026-05-26T15:58:54.905Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "KG-5230TAS-IL-3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5230TAS-IL-G3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5230DAS-IL-G3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260TZAS-IL-3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260DZAS-IL-3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260TZAS-IL-G3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260DZAS-IL-G3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260xxxx-IL-(G)2", "vendor": "Kenik", "versions": [{"lessThan": "2026-04-23", "status": "affected", "version": "0", "versionType": "date"}]}], "credits": [{"lang": "en", "type": "finder", "value": "\u0141ukasz Bawolski (Exea Data Center)"}], "datePublic": "2026-05-25T07:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server.<br><br>The issue was fixed in version 2026-04-23 of the&nbsp;KG-5260xxxx-IL-(G)2 cameras.<br>Rest of the products were fixed in version&nbsp;2025-04-21."}], "value": "Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server.\n\nThe issue was fixed in version 2026-04-23 of the\u00a0KG-5260xxxx-IL-(G)2 cameras.\nRest of the products were fixed in version\u00a02025-04-21."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.3, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-05-25T11:16:22.837Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2026/05/CVE-2026-7766"}], "source": {"discovery": "EXTERNAL"}, "title": "Path Traversal in Kenik cameras", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7766", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-26T15:58:49.646754Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T15:58:52.029Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server.\n\nThe issue was fixed in version 2026-04-23 of the\u00a0KG-5260xxxx-IL-(G)2 cameras.\nRest of the products were fixed in version\u00a02025-04-21."}], "id": "CVE-2026-7766", "lastModified": "2026-05-26T19:59:22.323", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-05-25T13:16:26.193", "references": [{"source": "[email protected]", "url": "https://cert.pl/posts/2026/05/CVE-2026-7766"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Primary"}]}

{}