CVE-2026-28701: Daktronics Controller Firmware Path Traversal
Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.
Metrics
- CVSS v4.0: 9.3
- Severity: CRITICAL
- Fixed in: v10.34.x.x
- Affected Products: 3
HarborGuard Analysis
Synopsis
A path traversal vulnerability in Daktronics Controller Firmware (VFC-DMP-5000, DMP-5000, and DMP-8000) allows remote users, both authenticated and unauthenticated, to escape the intended directory and read arbitrary file system paths over the network. No credentials are required, and no victim interaction is needed, making this trivially reachable from any network-connected host. Successful exploitation exposes sensitive files on the controller, enables modification of arbitrary file system content, and can disrupt controller availability. Patched-image rebuilds at versions v10.34.x.x, v8.117.x.x, and v9.43.x.x are available on HarborGuard for environments running affected versions.
HarborGuard Coverage
Detection of CVE-2026-28701 is available across every HarborGuard environment; the CVE is ingested from upstream feeds including ICS-CERT advisories within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images derived from Daktronics firmware bases.
Available
HarborGuard is capable of scoring this CVE at CVSS v4.0 9.3 (Critical) and weighting it against each environment's compliance policy to determine escalation priority; findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.
Available
A patched-image rebuild at the fix versions (v10.34.x.x, v8.117.x.x, or v9.43.x.x depending on the affected branch) becomes available on HarborGuard as soon as a fixed base image is resolvable. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads.
Available
Exploit Conditions
- Network reachability: Required
The attacker must reach the controller's firmware interface over the network; no local or physical access is required.
- Authentication: Not required
The vulnerability is exploitable without any credentials; unauthenticated remote users can trigger the path traversal directly.
- Victim interaction: Not required
No user action or social engineering is needed; the attacker sends a crafted request directly to the device.
- Attack complexity: Detail
Exploitation is reliable and condition-free; no race conditions, memory layout knowledge, or special environmental factors are required.
Blast Radius
- An attacker can read arbitrary files on the controller file system, including configuration files, credentials, and operational data.
- An attacker can modify arbitrary file system content, enabling tampering with controller configuration or firmware components.
- The controller's availability can be disrupted, potentially affecting connected display or signage infrastructure managed by the device.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-28701 is active across connected registries and pipelines and fires within minutes of image ingestion for any image built on an affected Daktronics firmware version. Given the Critical severity (CVSS v4.0 9.3) and zero-authentication network attack vector, this CVE is prioritized at the top of the remediation queue under standard HarborGuard compliance policy weighting. For customers with auto-remediation enabled, HarborGuard can rebuild images against the patched firmware branch (v10.34.x.x, v8.117.x.x, or v9.43.x.x as appropriate), run regression tests, and open a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, HarborGuard surfaces the finding with recommended remediation steps and tracks patch uptake across affected image tags until the fixed version is confirmed deployed.
Fix available
- Daktronics / VFC-DMP-5000: < v8.117.x.x (from 0) · < v9.43.x.x (from 0) · < v10.34.x.x (from 0)
- Daktronics / DMP-5000: < v10.34.x.x (from 0) · < v8.117.x.x (from 0) · < v9.43.x.x (from 0)
- Daktronics / DMP-8000: < v10.34.x.x (from 0) · < v8.117.x.x (from 0) · < v9.43.x.x (from 0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
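The fix ranges listed above can be applied to an asset inventory to decide which controllers still need the update. The sketch below is an added example, not HarborGuard or Daktronics code. It assumes firmware versions are reported as dotted numbers, that the first component identifies the branch (8, 9 or 10), and that the function names and the sample inventory are constructed for illustration.

```python
# Added example: triage a controller inventory against this page's fix branches.
import re

AFFECTED_MODELS = {"VFC-DMP-5000", "DMP-5000", "DMP-8000"}
# First fixed minor version per branch, taken from the "Fix available" list.
# Assumption: the first version component identifies the branch.
FIXED = {8: 117, 9: 43, 10: 34}
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)(?:\.\d+){0,2}")


def triage(model, version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one device."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        return "unparsed"  # never guess a version: send to manual review
    # Compare as integers; as strings, "9" would sort above "34".
    major, minor = int(m.group(1)), int(m.group(2))
    if major in FIXED:
        return "fixed" if minor >= FIXED[major] else "affected"
    if major < min(FIXED):
        return "affected"  # ranges start "from 0"; no fix named for this branch
    return "not-listed"    # newer than any branch the page names


def triage_inventory(rows):
    """rows: iterable of (host, model, version). Returns {status: [hosts]}."""
    out = {}
    for host, model, version in rows:
        out.setdefault(triage(model, version), []).append(host)
    return out


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [
    ("sign-01", "DMP-8000", "10.33.2.1"),
    ("sign-02", "DMP-8000", "v10.34.0.0"),
    ("sign-03", "VFC-DMP-5000", "8.116.9.9"),
    ("sign-04", "DMP-5000", "9.43.1.0"),
    ("sign-05", "DMP-5000", "7.2.0.0"),
    ("sign-06", "DMP-5000", "unknown"),
    ("sign-07", "OTHER-CTRL", "10.1.0.0"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage_inventory(SAMPLE).items()):
        print(f"{status:11} {', '.join(hosts)}")
```

Devices that come back as `unparsed` or `not-listed` need a manual check against the vendor advisory and should not be treated as safe.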