CVE-2026-6865— Improper Limitation of a Pathname to a Restricted Directory Vulnerability on Multiple Products

AI Predicted 7.5 Difficulty: Easy EPSS 0.06% · P17 Updated May 15, 2026

Possible ATT&CK Techniques 2AI

T1005 · Data from Local System T1083 · File and Directory Discovery

Affected Version Matrix 2

Vendor	Product	Version Range	Status
Schneider Electric	EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller	`Versions 11.06.31 and prior`	affected
Schneider Electric	Saitel DP Remote Terminal Unit & Controller	`Versions 11.06.36 and prior`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-6865

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Improper Limitation of a Pathname to a Restricted Directory Vulnerability on Multiple Products

Source: NVD (National Vulnerability Database)

Vulnerability Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU都是法国施耐德电气（Schneider Electric）公司的一款远程终端设备。 Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU存在路径遍历漏洞，该漏洞源于路径名限制不当，可能导致用户提供的输入在服务器端文件路径处理中处理不当，造成未授权访问敏感文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Schneider Electric	EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller	Versions 11.06.31 and prior	-
Schneider Electric	Saitel DP Remote Terminal Unit & Controller	Versions 11.06.36 and prior	-

II. Public POCs for CVE-2026-6865

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-6865

请登录查看更多情报信息。

Same Patch Batch · Schneider Electric · 2026-05-12 · 3 CVEs total

CVE-2026-6866		Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel
CVE-2026-4827		Insufficient Entropy vulnerability on Multiple Products

IV. Related Vulnerabilities

Same vendor: Schneider Electric

Same weakness: CWE-22

V. Comments for CVE-2026-6865

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-6865— Improper Limitation of a Pathname to a Restricted Directory Vulnerability on Multiple Products

Possible ATT&CK Techniques 2AI

Affected Version Matrix 2

I. Basic Information for CVE-2026-6865

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-6865

III. Intelligence Information for CVE-2026-6865

Same Patch Batch · Schneider Electric · 2026-05-12 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-6865

Leave a comment