HarborGuard / CVE
Back to search
CRITICALCVE-2026-36829Published Modified CNA mitre

CVE-2026-36829: An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7

An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and bypass of authentication.

Metrics

CVSS v3.1
9.8
Severity
CRITICAL
Fixed in
Affected Products
1
Affected packages
  • n/a / n/a
    n/a
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2026-36829: An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7 | HarborGuard CVE