CVE-2026-2328 in WAGO Device Sphere
Summary
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.
Responsible
CERTVDE
Reservation
02/11/2026
Disclosure
03/30/2026
Entries
| ID | Vulnerability | CWE | Base | Temp | 0day | Today | Exp | KEV | EPSS | CTI | Cou | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354153 | WAGO Device Sphere/Solution Builder improper filtering of special elements | 790 | 6.4 | 6.3 | $0-$5k | $0-$5k | Not defined | 0.00000 | 4.15 | Official fix | CVE-2026-2328 |