CVE-2026-35082

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.

Credits

Daniel Hulliger from Armasuisse Cyber-Defence campus.
Damian Pfammatter from Armasuisse Cyber-Defence campus.
Adrien Rey from Armasuisse Cyber Defense Campus Zurich

References