What is CVE-2026-22199?

CVE-2026-22199 is a high-severity vulnerability in Voltronic Power Snmp Web Pro, classified under Path Traversal. CVSS score: 7.5/10. Published 2026-03-13.

How severe is CVE-2026-22199?

High severity. CVSS v3 base score is 7.5 out of 10.

Path Traversal in Voltronic Power Snmp Web Pro

CVE-2026-22199

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory tr…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.002 (38.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Voltronic Power Snmp Web Pro — versions 1.1

Weakness classification (CWE)

CWE-22 — Path Traversal

References

github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22192-22199_Voltronic-Power_… (technical-description)
www.boffsec-services.com/posts/sicuroweb-cve-2026-22191/ (technical-description)
voltronicpower.com/ (product)
www.vulncheck.com/advisories/voltronic-power-snmp-web-pro-path-traversal-via-up… (third-party-advisory)

Frequently asked questions

What is CVE-2026-22199?: CVE-2026-22199 is a high-severity vulnerability in Voltronic Power Snmp Web Pro, classified under Path Traversal. CVSS score: 7.5/10. Published 2026-03-13.
How severe is CVE-2026-22199?: High severity. CVSS v3 base score is 7.5 out of 10.