JUNG Smart Panel 5.1 KNX Unauthenticated Absolute File Path Traversal
Advisory ID: ZSL-2026-5969
Type: Local/Remote
Impact: Security Bypass, Exposure of System Information, Exposure of Sensitive Information
Risk: (5/5)
Release Date: 10.02.2026
Summary
The JUNG Smart Panel 5.1 KNX is a flush-mounted 5-inch touch-sensitive controller designed for managing smart building automation via the KNX system. It serves as an intuitive, centralized interface for controlling lighting, shading, heating, and security, utilizing a 640 x 480-pixel color TFT screen running on embedded Linux.
Description
The controller suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.
Vendor
ALBRECHT JUNG GMBH & CO. KG - https://www.jung-group.com | https://www.jung.de
Affected Version
L1.12.22
Tested On
GNU/Linux 3.0.35-1.1.0
Vendor Status
[06.02.2026] Vulnerability discovered.
[07.02.2026] Vendor contacted.
[09.02.2026] No response from the vendor.
[10.02.2026] Public security advisory released.
PoC
jung_dir.txt
Credits
Vulnerability discovered by Gjoko Krstic - <[email protected]>
References
[1] https://www.vulncheck.com/advisories/jung-smart-panel-knx-unauthenticated-path-traversal
[2] https://www.cve.org/cverecord?id=CVE-2026-25872
Changelog
[10.02.2026] - Initial release
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: [email protected]