cvedb.io
CVE-2026-36829
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-05-19T17:16:22.210 · Last modified 2026-06-17T10:41:21.840

Summary

An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and bypass of authentication.

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.