📄 Description (English)
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.
🤖 AI Executive Summary
CVE-2026-0805 is a high-severity path traversal vulnerability in Crafty Controller's Backup Configuration component that allows authenticated attackers to tamper with files and execute remote code. With a CVSS score of 8.2 and no public exploit currently available, this vulnerability poses significant risk to organizations using Crafty Controller for infrastructure management. Immediate patching is strongly recommended as the vulnerability requires only authentication, not elevated privileges.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 25, 2026 18:31
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations using Crafty Controller for infrastructure and server management, particularly in: Government IT infrastructure (NCA, CITC), Banking sector (SAMA-regulated institutions managing backup systems), Energy sector (ARAMCO and downstream companies), Telecommunications (STC, Mobily infrastructure management), and Healthcare institutions managing critical backup configurations. The path traversal capability could allow attackers to access sensitive configuration files, modify backup integrity, or achieve code execution on critical infrastructure systems.
🏢 Affected Saudi Sectors
Government
Banking
Energy
Telecommunications
Healthcare
Critical Infrastructure
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
1. IMMEDIATE ACTIONS:
- Identify all instances of Crafty Controller in your environment
- Restrict network access to Crafty Controller to authorized administrators only
- Review access logs for suspicious authenticated activity in the Backup Configuration component
- Implement network segmentation to isolate Crafty Controller from production systems
2. PATCHING GUIDANCE:
- Apply the latest security patch for Crafty Controller immediately
- Test patches in a non-production environment first
- Schedule patching during maintenance windows with minimal impact
- Verify patch installation by checking version numbers and security advisories
3. COMPENSATING CONTROLS (if patching delayed):
- Implement strict input validation and sanitization for all file paths in backup operations
- Use Web Application Firewall (WAF) rules to block path traversal patterns (../, ..\ sequences)
- Enable detailed logging and monitoring of all Backup Configuration operations
- Restrict file system permissions to prevent unauthorized access to sensitive directories
- Implement multi-factor authentication for Crafty Controller access
4. DETECTION RULES:
- Monitor for HTTP requests containing path traversal sequences in Backup Configuration endpoints
- Alert on unusual file access patterns from Crafty Controller processes
- Track failed and successful authentication attempts to Backup Configuration features
- Monitor for unexpected process execution originating from Crafty Controller service
- Log all backup configuration modifications with timestamp and user attribution
🔧 خطوات المعالجة (العربية)
1. الإجراءات الفورية:
- تحديد جميع نسخ Crafty Controller في بيئتك
- تقييد الوصول الشبكي إلى Crafty Controller للمسؤولين المصرحين فقط
- مراجعة سجلات الوصول للنشاط المريب من قبل المستخدمين المصرحين في مكون Backup Configuration
- تطبيق تقسيم الشبكة لعزل Crafty Controller عن أنظمة الإنتاج
2. إرشادات التصحيح:
- تطبيق أحدث تصحيح أمني لـ Crafty Controller فوراً
- اختبار التصحيحات في بيئة غير إنتاجية أولاً
- جدولة التصحيح خلال نوافذ الصيانة بأقل تأثير
- التحقق من تثبيت التصحيح بفحص أرقام الإصدار والمستشارات الأمنية
3. الضوابط البديلة (إذا تأخر التصحيح):
- تطبيق التحقق الصارم من صحة المدخلات وتنظيفها لجميع مسارات الملفات في عمليات النسخ الاحتياطي
- استخدام قواعد جدار الحماية لتطبيقات الويب لحجب أنماط اجتياز المسار
- تفعيل السجلات والمراقبة التفصيلية لجميع عمليات Backup Configuration
- تقييد صلاحيات نظام الملفات لمنع الوصول غير المصرح إلى الدلائل الحساسة
- تطبيق المصادقة متعددة العوامل لوصول Crafty Controller
4. قواعد الكشف:
- مراقبة طلبات HTTP التي تحتوي على أنماط اجتياز المسار في نقاط نهاية Backup Configuration
- تنبيهات على أنماط الوصول غير العادية للملفات من عمليات Crafty Controller
- تتبع محاولات المصادقة الفاشلة والناجحة لميزات Backup Configuration
- مراقبة تنفيذ العمليات غير المتوقعة من خدمة Crafty Controller
- تسجيل جميع تعديلات تكوين النسخ الاحتياطي مع الطابع الزمني وإسناد المستخدم
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policies
ECC 2024 A.5.2.1 - User Registration and Access Rights Management
ECC 2024 A.5.3.1 - Password Management
ECC 2024 A.8.1.1 - Information Security Incident Management
ECC 2024 A.12.2.1 - Change Management
ECC 2024 A.12.6.1 - Management of Technical Vulnerabilities
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Software, Hardware and Services Inventory
SAMA CSF PR.AC-1 - Access Control Policy
SAMA CSF PR.AC-4 - Access Rights Management
SAMA CSF PR.IP-12 - Software Development Security
SAMA CSF DE.CM-8 - Vulnerability Scans
SAMA CSF RS.MI-2 - Incident Response Procedures
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access Control
ISO 27001:2022 A.5.16 - Authentication
ISO 27001:2022 A.5.18 - Management of Privileged Access Rights
ISO 27001:2022 A.8.1 - Information Security Policies and Procedures
ISO 27001:2022 A.8.2 - Information Security Incident Management
ISO 27001:2022 A.8.6 - Management of Technical Vulnerabilities
🔗 References & Sources 1
📦 Affected Products / CPE 1 entries
craftycontrol:crafty_controller