{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7766", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2026-05-04T10:01:33.811Z", "datePublished": "2026-05-25T11:16:22.837Z", "dateUpdated": "2026-05-26T15:58:54.905Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "KG-5230TAS-IL-3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5230TAS-IL-G3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5230DAS-IL-G3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260TZAS-IL-3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260DZAS-IL-3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260TZAS-IL-G3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260DZAS-IL-G3", "vendor": "Kenik", "versions": [{"lessThan": "2025-04-21", "status": "affected", "version": "0", "versionType": "date"}]}, {"defaultStatus": "unaffected", "product": "KG-5260xxxx-IL-(G)2", "vendor": "Kenik", "versions": [{"lessThan": "2026-04-23", "status": "affected", "version": "0", "versionType": "date"}]}], "credits": [{"lang": "en", "type": "finder", "value": "\u0141ukasz Bawolski (Exea Data Center)"}], "datePublic": "2026-05-25T07:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server.<br><br>The issue was fixed in version 2026-04-23 of the&nbsp;KG-5260xxxx-IL-(G)2 cameras.<br>Rest of the products were fixed in version&nbsp;2025-04-21."}], "value": "Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server.\n\nThe issue was fixed in version 2026-04-23 of the\u00a0KG-5260xxxx-IL-(G)2 cameras.\nRest of the products were fixed in version\u00a02025-04-21."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.3, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-05-25T11:16:22.837Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2026/05/CVE-2026-7766"}], "source": {"discovery": "EXTERNAL"}, "title": "Path Traversal in Kenik cameras", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-26T15:58:49.646754Z", "id": "CVE-2026-7766", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T15:58:54.905Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7766", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-26T15:58:49.646754Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T15:58:52.029Z"}}], "cna": {"title": "Path Traversal in Kenik cameras", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "\u0141ukasz Bawolski (Exea Data Center)"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.3, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Kenik", "product": "KG-5230TAS-IL-3", "versions": [{"status": "affected", "version": "0", "lessThan": "2025-04-21", "versionType": "date"}], "defaultStatus": "unaffected"}, {"vendor": "Kenik", "product": "KG-5230TAS-IL-G3", "versions": [{"status": "affected", "version": "0", "lessThan": "2025-04-21", "versionType": "date"}], "defaultStatus": "unaffected"}, {"vendor": "Kenik", "product": "KG-5230DAS-IL-G3", "versions": [{"status": "affected", "version": "0", "lessThan": "2025-04-21", "versionType": "date"}], "defaultStatus": "unaffected"}, {"vendor": "Kenik", "product": "KG-5260TZAS-IL-3", "versions": [{"status": "affected", "version": "0", "lessThan": "2025-04-21", "versionType": "date"}], "defaultStatus": "unaffected"}, {"vendor": "Kenik", "product": "KG-5260DZAS-IL-3", "versions": [{"status": "affected", "version": "0", "lessThan": "2025-04-21", "versionType": "date"}], "defaultStatus": "unaffected"}, {"vendor": "Kenik", "product": "KG-5260TZAS-IL-G3", "versions": [{"status": "affected", "version": "0", "lessThan": "2025-04-21", "versionType": "date"}], "defaultStatus": "unaffected"}, {"vendor": "Kenik", "product": "KG-5260DZAS-IL-G3", "versions": [{"status": "affected", "version": "0", "lessThan": "2025-04-21", "versionType": "date"}], "defaultStatus": "unaffected"}, {"vendor": "Kenik", "product": "KG-5260xxxx-IL-(G)2", "versions": [{"status": "affected", "version": "0", "lessThan": "2026-04-23", "versionType": "date"}], "defaultStatus": "unaffected"}], "datePublic": "2026-05-25T07:40:00.000Z", "references": [{"url": "https://cert.pl/posts/2026/05/CVE-2026-7766", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server.\n\nThe issue was fixed in version 2026-04-23 of the\u00a0KG-5260xxxx-IL-(G)2 cameras.\nRest of the products were fixed in version\u00a02025-04-21.", "supportingMedia": [{"type": "text/html", "value": "Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server.<br><br>The issue was fixed in version 2026-04-23 of the&nbsp;KG-5260xxxx-IL-(G)2 cameras.<br>Rest of the products were fixed in version&nbsp;2025-04-21.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-05-25T11:16:22.837Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7766", "state": "PUBLISHED", "dateUpdated": "2026-05-26T15:58:54.905Z", "dateReserved": "2026-05-04T10:01:33.811Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2026-05-25T11:16:22.837Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the server.\n\nThe issue was fixed in version 2026-04-23 of the\u00a0KG-5260xxxx-IL-(G)2 cameras.\nRest of the products were fixed in version\u00a02025-04-21."}], "id": "CVE-2026-7766", "lastModified": "2026-05-26T19:59:22.323", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2026-05-25T13:16:26.193", "references": [{"source": "cvd@cert.pl", "url": "https://cert.pl/posts/2026/05/CVE-2026-7766"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cvd@cert.pl", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025-04-21)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "KG-5230DAS-IL-G3", "source": "cna", "vendor": "Kenik"}, "product": "kg-5230das-il-g3", "vendor": "kenik"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025-04-21)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "KG-5230TAS-IL-3", "source": "cna", "vendor": "Kenik"}, "product": "kg-5230tas-il-3", "vendor": "kenik"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025-04-21)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "KG-5230TAS-IL-G3", "source": "cna", "vendor": "Kenik"}, "product": "kg-5230tas-il-g3", "vendor": "kenik"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025-04-21)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "KG-5260DZAS-IL-3", "source": "cna", "vendor": "Kenik"}, "product": "kg-5260dzas-il-3", "vendor": "kenik"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025-04-21)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "KG-5260DZAS-IL-G3", "source": "cna", "vendor": "Kenik"}, "product": "kg-5260dzas-il-g3", "vendor": "kenik"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025-04-21)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "KG-5260TZAS-IL-3", "source": "cna", "vendor": "Kenik"}, "product": "kg-5260tzas-il-3", "vendor": "kenik"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025-04-21)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "KG-5260TZAS-IL-G3", "source": "cna", "vendor": "Kenik"}, "product": "kg-5260tzas-il-g3", "vendor": "kenik"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2026-04-23)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "KG-5260xxxx-IL-(G)2", "source": "cna", "vendor": "Kenik"}, "product": "kg-5260xxxx-il-(g)2", "vendor": "kenik"}], "created": "2026-05-25T13:30:26.267930+00:00", "updated": "2026-05-26T13:00:55.962514+00:00", "vendors": ["kenik", "kenik$PRODUCT$kg-5230das-il-g3", "kenik$PRODUCT$kg-5230tas-il-3", "kenik$PRODUCT$kg-5230tas-il-g3", "kenik$PRODUCT$kg-5260dzas-il-3", "kenik$PRODUCT$kg-5260dzas-il-g3", "kenik$PRODUCT$kg-5260tzas-il-3", "kenik$PRODUCT$kg-5260tzas-il-g3", "kenik$PRODUCT$kg-5260xxxx-il-(g)2"]}