{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-8464: Path traversal in Neuron Soft Golem OEE MES","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-8464","status":"final","version":"1","initial_release_date":"2026-06-11T10:32:23.977Z","current_release_date":"2026-06-11T12:13:26.247Z","revision_history":[{"date":"2026-06-11T10:32:23.977Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths.\nThis issue has been fixed in versionĀ 11.6.0","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-8464 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-8464"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-8464"},{"category":"external","summary":"neuron.com.pl","url":"https://www.neuron.com.pl/mes-help/mes-download.html"},{"category":"external","summary":"cert.pl","url":"https://cert.pl/posts/2026/06/CVE-2026-8464"}]},"product_tree":{"branches":[{"category":"vendor","name":"Neuron Soft","branches":[{"category":"product_name","name":"Golem OEE MES","branches":[{"category":"product_version_range","name":"<11.6.0","product":{"name":"Neuron Soft Golem OEE MES <11.6.0","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:neuron_soft:golem_oee_mes:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-8464","title":"Path traversal in Neuron Soft Golem OEE MES","notes":[{"category":"description","text":"Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths.\nThis issue has been fixed in versionĀ 11.6.0","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N","baseScore":8.3,"baseSeverity":"HIGH"},"products":["CSAFPID-1"]}],"remediations":[{"category":"vendor_fix","details":"Update to a fixed version: 11.6.0.","product_ids":["CSAFPID-1"]}]}]}