CVE-2026-7852: Unrestricted File Upload in Limatek's LimRAD NAC
Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue affects LimRAD NAC: before 5.5.7.3.9.
Metrics
- CVSS v3.1: 9.8
- Severity: CRITICAL
- Fixed in: 5.5.7.3.9
- Affected Products: 1
HarborGuard Analysis
Synopsis
An unrestricted file upload vulnerability in Limatek System Inc. LimRAD NAC allows an unauthenticated remote attacker to upload and execute arbitrary files on the server. The vulnerability is reachable over the network and requires no credentials or user interaction, as reflected in the CVSS vector (AV:N/AC:L/PR:N/UI:N). Successful exploitation gives the attacker full remote code execution, with high impact across confidentiality, integrity, and availability. A patched-image rebuild at version 5.5.7.3.9 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that incorporate LimRAD NAC. Any image with an affected version (before 5.5.7.3.9) is flagged automatically.
Available
HarborGuard scores this CVE at 9.8 CRITICAL using the published CVSS v3.1 vector and weights it against each customer environment's compliance policy to determine priority and routing. Findings are delivered to the appropriate team inbox within each customer organization based on configured escalation rules.
Available
A patched-image rebuild at version 5.5.7.3.9 is available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads.
Available
Exploit Conditions
- Network reachability: Required
  The vulnerable upload endpoint is exposed over the network, so the attacker must be able to reach the service via a standard network connection.
- Authentication: Not required
  No credentials of any kind are required; the upload functionality is accessible to unauthenticated requests.
- Victim interaction: Not required
  The attacker completes the exploit entirely on their own with no action needed from any user of the system.
- Attack complexity: Detail
  Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, special memory layout, or any other environmental prerequisite.
Blast Radius
- A successful attacker executes arbitrary server-side code by uploading a malicious file and triggering its inclusion, gaining a remote shell on the host.
- The attacker reads all data accessible to the application process, including stored credentials, session tokens, and NAC policy records.
- The attacker modifies or deletes NAC configuration, access control policies, and persisted application data.
- The attacker can crash or otherwise disable the LimRAD NAC service, disrupting network access control enforcement for the affected environment.
How HarborGuard Handles This
Available on HarborGuard: detection against this CRITICAL-severity CVE is active for all scanned images, and a patched-image rebuild at version 5.5.7.3.9 is prepared for any environment where an affected image is identified. For customers who opt into auto-remediation, HarborGuard performs the rebuild, executes a regression run, and opens a pull request against affected workloads; the median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual approval, the finding is surfaced as a high-priority item routed to the configured team inbox for prompt review and remediation.
Fix available
- Limatek System Inc. / LimRAD NAC < 5.5.7.3.9 (from 0)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H