Vulnerabilities ›

CVE-2026-8215

Medium

CWE-22 — Weakness Type

                    Published: May 10, 2026                      ·  Modified: May 11, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument m_strSourceFileName causes path traversal. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-8215 is a path traversal vulnerability in IAS Canias ERP 8.03 affecting the RMI Interface component, allowing remote attackers to manipulate file paths through the m_strSourceFileName argument. The vulnerability has been publicly disclosed with no vendor response, posing a medium-level risk to organizations using this ERP system.

📄 Description (Arabic)

ثغرة المسار المتقاطع في نظام IAS Canias ERP 8.03 تسمح للمهاجمين البعيدين بالوصول إلى الملفات غير المصرح بها من خلال معالجة معامل m_strSourceFileName في واجهة RMI. تم الكشف عن هذه الثغرة علناً ولم يستجب البائع لأي إجراء إصلاحي.

🤖 ملخص تنفيذي (AI)

This path traversal vulnerability in IAS Canias ERP 8.03 allows remote attackers to access unauthorized files by manipulating the m_strSourceFileName parameter in the RMI Interface. The lack of vendor response and public disclosure increase the risk for affected Saudi organizations.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 06:17

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

manufacturing energy government

🎯 MITRE ATT&CK Techniques

T1083 T1021

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade IAS Canias ERP to a patched version if available; implement network segmentation to restrict RMI Interface access; apply input validation and sanitization for file path parameters; monitor and log all RMI Interface requests; consider disabling RMI Interface if not required; implement Web Application Firewall (WAF) rules to detect path traversal attempts.

🔧 خطوات المعالجة (العربية)

قم بترقية نظام IAS Canias ERP إلى نسخة معدلة فوراً إن توفرت؛ طبق تقسيم الشبكة لتقييد الوصول إلى واجهة RMI؛ طبق التحقق من صحة المدخلات وتنظيفها لمعاملات مسارات الملفات؛ راقب وسجل جميع طلبات واجهة RMI؛ فكر في تعطيل واجهة RMI إذا لم تكن مطلوبة؛ طبق قواعد جدار الحماية لتطبيقات الويب للكشف عن محاولات المسار المتقاطع.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.9.1.1 A.9.2.1 A.9.4.1

🔵 SAMA CSF

ID.RA-1 PR.AC-1 PR.AC-3

🟡 ISO 27001:2022

A.6.1.1 A.13.1.1 A.14.1.1

🔗 References & Sources 4

🔗

https://gist.github.com/0xb1lal/3885c69998516685e3ea833403b9db2b

cna@vuldb.com

🔗

https://vuldb.com/submit/808242

cna@vuldb.com

🔗

https://vuldb.com/vuln/362432

cna@vuldb.com

🔗

https://vuldb.com/vuln/362432/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-22

EPSS0.08%

Exploit No

Patch ✗ No

Published 2026-05-10

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-22

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-8215

💬 Comments

Introduce Yourself

Sign In Required