Vulnerability in Suprema Biostar 2 (Server)
CVE-2026-9508
Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerabil…
EPSS: 0.001 (23.4th percentile) — read the EPSS interpretation.
Affected products
- Suprema Biostar 2 (Server) — versions v2.9.3, v2.9.12
Weakness classification (CWE)
References
- cve-coordination@incibe.es (patch)