Path Traversal in Zwickroell Gmbh & Co. Kg Test Data Management

CVE-2026-29522

ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware p…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (35.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References