CVE-2026-35079

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.

Credits

Daniel Hulliger from Armasuisse Cyber-Defence campus.
Damian Pfammatter from Armasuisse Cyber-Defence campus.
Adrien Rey from Armasuisse Cyber Defense Campus Zurich

References