What is GHSA-8584-g8g6-7rhx?

GHSA-8584-g8g6-7rhx is a security advisory published by GitHub Security Advisories with High severity. ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This...

Which CVE IDs does GHSA-8584-g8g6-7rhx cover?

GHSA-8584-g8g6-7rhx covers the following CVE IDs: CVE-2026-9778. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-8584-g8g6-7rhx?

GHSA-8584-g8g6-7rhx has a CVSS v3 base score of 7.2, published by GitHub Security Advisories.

GHSA-8584-g8g6-7rhxHighCVSS 7.2

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This...

Vendor

GitHub Security Advisories

Published

June 25, 2026

Last Modified

June 25, 2026

🔗 CVE IDs covered (1)

CVE-2026-9778 →

📋 Description

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability.

The specific flaw exists within the ImportDeviceList method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-28579.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-9778
https://www.aten.com/global/en/supportcenter/info/security-advisory/31
https://www.zerodayinitiative.com/advisories/ZDI-26-382
https://github.com/advisories/GHSA-8584-g8g6-7rhx