CVE-2024-26293

High CVSS 8.7

Overview

The Avid Nexis Agent uses a vulnerable gSOAP
version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability.
This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.

CWE: N/A Published: 2025-07-14T10:15:28.407

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.7 (HIGH)
Detected tags: path (tag impact: MODERATE)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.

Overview

Recommended tools

Tags